wipe issues

David Champion dgc@uchicago.edu
Wed Jul 10 20:07:02 2002


* On 2002.07.10, in <20020710174235.GE2662@akamai.com>,
*	"David Shaw" <dshaw@jabberwocky.com> wrote:
>
> platform.  Since there are already wipers for pretty much all
> platforms, why implement the same thing again?

(I think this was discussed once, but I don't recall the conclusion.) I
don't particularly think that GnuPG should have a wiper in it, but it
would be nice if it could support calling one -- e.g., if you set

	--file-erase "wipe --arbitrary-option"

then gpg might call "wipe --arbitrary-option %s" on any temporary file
before unlinking it.

Does that seem desirable? It would involve no portable code, but it
would resolve the FAQ. Some might still prefer having it incorporated
into gpg, but this is perhaps better than nothing.

It would provide a way for someone to install programs into your $PATH
that would be able to read your temporary files. You could require
fully-qualified paths to minimize this risk. But it might come down
to something that you (the gpg development group) don't want to make
possible.



Meanwhile, if this bugs you as a user, there might be an alternative for
some varieties of UNIX. Define an unlink function that does a wipe:

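#include <stdio.h>
#include <stdlib.h>

/* Interposed unlink(): hand the file to an external wiper via the shell. */
int unlink(const char *path)
{
	char cmd[512];
	/* Quotes cover spaces and most metacharacters, not a ' in path; refuse truncated commands. */
	if ((size_t)snprintf(cmd, sizeof cmd, "wipe --arbitrary-option '%s'", path) >= sizeof cmd)
		return -1;
	return system(cmd);
}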

Then compile that as a shared object, and preload it into gpg. That
would vary from platform to platform, but here's the Solaris way:

	cc -KPIC -G -o gpgwipe.so gpgwipe.c			[SUNWspro]
		-or-
	gcc -shared -fpic -Wl,-G -o gpgwipe.so gpgwipe.c	[gcc]
		-then-
	LD_PRELOAD=gpgwipe.so gpg --do-something

(Your wipe command would need to perform its own unlink.)

-- 
 -D.			Fresh fruit enriches everyone.  Takes the thirst
 ENSA, NSIT		out of everyday time.  A pure whiff of oxygen,
 University of Chicago	painting over a monochrome world in primary colors.
 dgc@uchicago.edu	We all know that.  It's why everyone loves fruit.
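
An added example, not part of the original message: a variant of the unlink() interposer described above that runs the wiper by fully-qualified path with execv() instead of system(), so $PATH is never searched and the file name is never parsed by a shell. The names run_wiper, WIPER, WIPER_OPT and BUILD_PRELOAD are assumptions made for this example, and the WIPER path is a constructed placeholder.

```c
#include <errno.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

#define WIPER     "/usr/local/bin/wipe"   /* assumption: placeholder absolute path */
#define WIPER_OPT "--arbitrary-option"    /* placeholder option from the message */

/* Run `wiper opt path` with no shell in between. Returns 0 only if the
 * wiper exited with status 0, otherwise -1 with errno set. */
int run_wiper(const char *wiper, const char *opt, const char *path)
{
	int status;
	pid_t pid;

	/* Refuse any wiper name that would be resolved through $PATH. */
	if (wiper == NULL || wiper[0] != '/' || opt == NULL || path == NULL) {
		errno = EINVAL;
		return -1;
	}
	pid = fork();
	if (pid < 0)
		return -1;
	if (pid == 0) {
		/* path is a single argv element: spaces, ';' or '$(...)' in a
		 * file name are passed through literally, never interpreted. */
		char *const argv[] = { (char *)wiper, (char *)opt, (char *)path, NULL };
		execv(wiper, argv);
		_exit(127);                       /* exec itself failed */
	}
	while (waitpid(pid, &status, 0) < 0) {
		if (errno != EINTR)
			return -1;
	}
	if (WIFEXITED(status) && WEXITSTATUS(status) == 0)
		return 0;
	errno = EIO;                          /* wiper failed or was killed */
	return -1;
}

#ifdef BUILD_PRELOAD
/* Only in the preloaded shared object: replaces libc's unlink(). */
int unlink(const char *path)
{
	return run_wiper(WIPER, WIPER_OPT, path);
}
#endif
```

Add -DBUILD_PRELOAD to the compile line when building the shared object, so that unlink() is defined only in the preloaded library.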