LibSecRm

Contents:

• Description
• Screenshots
• Download
• Building the software
• Limitations
• System compatibility
• Reporting issues
• My projects on SourceForge
• My other software
• Contact information
• Page information

Description

LibSecRm (LIBrary for SECure ReMoval) is a library which partially (read below for limitations) ensures secure data deleting by intercepting calls to some C library functions and replacing them by its own substitutes.

The data that would be deleted from a file is first securely wiped, then the original functions are called. This way, LibSecRm protects your sensitive deleted data from being recovered, thus protecting the user's privacy.

Normally, when you delete a file, only the information about where the file was is deleted, the file contents stays on the drive. If there's no writing to that area, the file can physically stay on the drive for a long time. The file contents can be found by e.g. dumping the whole drive with the dd program to a file and looking at the generated image. This may seem not so dangerous, but if you delete confidential information (files with passwords, credit card numbers, encryption keys), any person with physical access to the drive can read that information and use it against you.

Sometimes you may delete confidential data the normal way by accident (or have no other choice, because programs like Internet browsers, mail clients, chat clients delete data the normal way). In such case normally you would have to shred the whole partition, which may be a big problem. This is where LibSecRm comes in. This library intercepts the deleting process and works in a similar way to the shred program, overwriting the data before deleting the file.

LibSecRm partially also takes care about memory security - some of the memory allocation functions are intercepted, and the allocated memory is wiped before passing it to the calling program.

See a diagram describing LibSecRm's operation.

The most up-to-date documentation can be found in the package itself, a generated copy is available here, in the docs directory.

Documentation is also available on the LibSecRm wiki.

LibSecRm has been added to Softpedia Mac and Softpedia Linux.

LibSecRm has been added to FamousWhy: LibSecRm and has received the Famous Software Award

THE LIBRARY HAS BEEN TESTED, BUT IT MAY NOW OR LATER CONTAIN ERRORS, WHICH MAY LEAD TO UNINTENTIONAL DATA LOSS. READ THE LICENSE FOR A WARRANTY (THERE IS NONE).

Screenshots of LibSecRm

Screenshots are available on the SourceForge project page.

Download LibSecRm

Current version is 3.2.



Download this at SourceForge.

(free badge provided by Shields.io)

LibSecRm release file feed

RPM dependencies:

• libc.so.6(GLIBC_2.14)(64bit)

Building the software

The most up-to-date instructions can be found in the package itself, a generated copy is available here, in the docs directory.

Requirements for compiling:

• a working C compiler (C++ compilers won't work due to variable casts)
  
  
• development package for the C library (like glibc-devel and glibc-headers) with the signal.h and (especially) fcntl.h, unistd.h and sys/stat.h headers.
  • Note that some glibc versions (2.11 is known of this) have a bug in their dl(v)sym implementation, which may cause LibSecRm to hang during searching for the original versions of the substituted C functions. If you observe this, it is best to upgrade glibc. If not possible, you can start deleting substituted functions from open() and check each time it your current version started to work (yes, this decreases security).
  • The unistd.h contains functions needed for wiping to work at all. Nothing will be done if this file is missing.
  • The sys/stat.h contains functions needed to check the wiped object's type. LibSecRm will wipe only regular files. If this file is missing, nothing can be wiped.
  • The dlfcn.h header contains functions needed to call the original functions. It has to have RTLD_NEXT defined. LibSecRm wouldn't work without this, so it won't compile without this.
  • The fcntl.h header has functions needed to prevent wiping files that are set to be deleted, but still open. It has to have F_SETLEASE, F_GETSIG and F_SETSIG defined in it (this is available on GNU/Linux, but may not be available everywhere) for this feature to work. LibSecRm will work without this, but strange things may happen. If you don't have this, put /bin/bash in the program ban file and "ICE" (without the double quotes) in the file ban file (read the "Manual configuration" chapter in the "info" documentation).
• libdl, the dynamic loading library, with its development package (unless the required functions are in the C library)
  
  
• the make program
  
  

Type ./configure to configure the library for your system.

If you want to enable the public interface of LibSecRm, configure the library with ./configure --enable-public-interface.

The public interface is compatible with SWIG, so you can make native bindings to LibSecRm for any supported language.

Type make to compile the library.

Documentation comes complied (and can be copied right away), but can be changed and recompiled, if you have the makeinfo program (texinfo package).

Type make install to install the library. Read the docs on how to make the library running.

Type info libsecrm (after installation) or info doc/libsecrm.info (before installation) to get help.

Limitations

LibSecRm can do nothing if:

• a program is using direct kernel calls or non-standard calls, thus bypassing even the C library
• LibSecRm is not loaded (read the "Installing" chapter in the "info" docs)
• a program is linked statically (so it doesn't use shared libraries and has all the functions compiled in it)
• the operating system doesn't support shared libraries (like DOS)
• the operating system doesn't support preloading shared libraries before system libraries
• LibSecRm is enabled by setting environment variables and a program is launched by another program, which clears the environment variables used by the dynamic linker, so the dynamic linker doesn't preload LibSecRm. Some Java Runtime Environments seem to do this

System compatibility

LibSecRm, in various versions, has been successfully compiled on the following systems:

• Fedora Core 4 GNU/Linux (i686 CPU)
• Fedora 12 GNU/Linux (i686 CPU)
• Mandriva 2008.1, 2011 (gcc 4.6.1) GNU/Linux (i686 CPU)
• OpenBSD 3.8 (x86 CPU)
• Debian 5.0 GNU/Linux (x86 CPU)
• OpenMandriva Lx 3.0, 4.2, 4.3 (gcc 11.2.0) GNU/Linux (amd64 CPU)
• Ubuntu (amd64 CPU) (Travis): log
• FreeBSD (Travis): log
• macOS X (Travis): log

Reporting issues

Any defects or issues can be reported by e-mail or in the SourceForge project defect manager (in English).

Any improvement suggestions can be reported by e-mail or in the SourceForge project ticket manager (in English).

To report build or installation problems, include:

1. the compiler name and version (e.g. gcc version 10),
2. the C standard library name and version (e.g. glibc version 2.x),
3. the output of the configure script. You can capture it by running ./configure > configure-output.txt 2>&1,
4. the generated config.log file,
5. the generated config.h file, if it exists,
6. the output of the make command. You can capture it by running make > make-output.txt 2>&1,
7. any other error messages,
8. any other information that you think could lead to solving the problem.

To report usage problems, include:

1. all the above things you include when reporting building problems,
2. a description of the problem that the software causes,
3. any error messages that are displayed,
4. any other information that you think could lead to solving the problem.

Help in victory, play a game, send regards, or at least stop using some products

My projects on SourceForge

• WipeFreeSpace - a program for cleaning of free space on filesystems
• LibSecRm - a security wrapper library for C library functions which insecurely delete data
• Trinventum - software that helps manage an e-business
• Meqaris - meeting room and equipment booking system using e-mail invitations
• JYMAG - a program for serial-based (AT-based) mobile phones (like Sagem) and a serial port terminal
• IMYplay - a program for playing iMelody ringtones (IMY files) and an IMY-to-MIDI converter
• LibHideIP - a security wrapper library for C library functions which could lead to revealing your local IP address
• LibNetBlock - a security wrapper library that ensures that no program under its control can access the network
• FMSec - a set of extensions to file managers that enable some security-related operations to be easily performed. The operations include:
  • Secure removal of files using shred,
  • Secure removal of directories,
  • Mounting block devices and regular files using VeraCrypt,
  • Unmounting directories using VeraCrypt,
  • Wiping block devices (without removing them) using shred (the filesystem itself is destroyed too)
  • Wiping free space on filesystems on block devices or inside regular files using WipeFreeSpace,
  • Encrypting and decrypting files using OpenSSL,
  • running programs with LibSecRm preloaded,
  • running programs with LibHideIP preloaded,
  • running programs with LibNetBlock preloaded.
  FMSec consists of projects formerly known as KonqSec/Konq4Sec/Konq5Sec.
• Project Asmosis - a set of tools for assembly language programmers:
  • the Asm::X86 Perl module,
  • AsmDoc - a HTML documentation generator for assembly language,
  • assembly source code converters between NASM, fasm and GNU as,
  • C header to assembly header converters (h2fasm, h2gas, h2nasm),
  • Makefile generator for fasm (make4fasm),
  • Linux 2.6 kernel module helpers for fasm and NASM (symvers-nasm, symvers-fasm),
  • Asm4Doxy - Assembly converter for Doxygen,
  • util-macros.* - some utility macros for fasm and NASM,
  • Autoconf macros that check for existence and command-line options of the various assemblers (ax_prog_nasm.m4, ax_prog_nasm_opt.m4, ax_prog_fasm.m4, ax_prog_fasm_opt.m4, ax_prog_yasm.m4, ax_prog_yasm_opt.m4, ax_prog_tasm.m4, ax_prog_tasm_opt.m4, ax_prog_masm.m4, ax_prog_masm_opt.m4, ax_prog_hla.m4, ax_prog_hla_opt.m4),
  • OS parts - sample pieces of code that may be useful for starting developing a simple operating system.
• KeyParaStocX - is an extension for LibreOffice, Apache OpenOffice and the old OpenOffice.org that searches for keywords in a text, changes their style and builds a Table of Contents for them (formerly: "PozeraczUstaw").
• Fronsetia - a web application that allows testing webservices (formerly: SOAPServiceTester).

The always-up-to-date list of my SourceForge projects is on my profile page on SourceForge.

My other software

• primary site - rudy.mif.pg.gda.pl/~bogdro/soft - down
• first backup site - bogdro.ciki.me/soft - down
• second backup site - bogdro.fulba.com/soft - down
• third backup site (also available over HTTPS)
• fourth backup site (also available over HTTPS)

1. Certificate and key generators
2. E-mail address verifiers
3. LastMod - a script that inserts or updates a META element with the Last-Modified HTTP header
4. Atom2Rss - a script that converts an Atom (RFC 4287) channel XML file to an RSS 2.0 XML file
5. List2Atom - a script that generates an Atom (RFC 4287) channel XML file from a list of files
6. InSyTrack - telemetry software to track program flow (calls) across libraries, threads, programming languages or even different systems on different machines

• primary site with assembly tools - rudy.mif.pg.gda.pl/~bogdro/inne - down
• first backup site with assembly tools - bogdro.ciki.me/inne - down
• second backup site with assembly tools - bogdro.fulba.com/inne - down
• third backup site with assembly tools (also available over HTTPS)
• fourth backup site with assembly tools (also available over HTTPS)

1. Kate/KWrite syntax highlighting for NASM/fasm

Contact information

Contact me: bogdro AT users . sourceforge . net (English accepted, just say '[SOFT]' in the title).

The certificate of the timestamping server which confirms the signature time, can be found on freeTSA.org.

Page information

This page is hosted at SourceForge.net.
This page is written using valid HTML 4.01 , , for all browsers:

This page uses a valid CSS

This page has a content security policy.

This page doesn't use GIF images and doesn't use JPG images.

This page is pure HTML and CSS.

The project icon was created using Inkscape™.

Legal information

Oracle®, Java, and MySQL are registered trademarks of Oracle and/or its affiliates. Other names may be trademarks of their respective owners.

LINUX® is a registered trademark of Linus Torvalds.

"Fedora" and the Fedora logo are trademarks of Red Hat, Inc.

Debian is a registered trademark of Software in the Public Interest, Inc.

Ubuntu is a registered trademark of Canonical Limited.

FreeBSD is a registered trademark of The FreeBSD Foundation.

macOS® is a registered trademark of Apple Inc.

All other trademarks, logos and names on this page and all subpages are properties of their respective owners and are given here only as an example.