A safe text editor // why??

[Peter Lebbing]

On 11/09/12 16:57, Heinz Diehl wrote:
> You can mount /tmp and the various other tmpfiles to memory. That's
> what I do (not for security reasons, but to have the tmp stuff deleted
> on reboot).

So you store the unencrypted file to /tmp and edit it there with whatever
program is needed? Say you're editing an image. Personally, I have a .thumbnails
directory in my *home directory*. This would probably include thumbnails of
files I edit or browse in my /tmp directory. This leaks image information
outside the /tmp partition.

So you have to completely trust that the program you're using is keeping all
data in /tmp, which I certainly do not. Not in the last place because that was
never a requirement when the program was written.

> If this makes sense for you, you could easily edit your file, save it
> somewhere where it is secured, delete it on the harddisk and fill the
> unused space with random noise via dd or similar

This is not true. What if the 10-byte file I mentioned gets allocated on the
block that contains unencrypted information? There are programs that will try to
fill the internal fragmentation (slack space) thus created, but they warn that
this is racey for obvious reasons. It's not sure-fire.

And then we haven't even started discussing journalling filesystems.

> Why don't you just boot from USB-stick or DVD, edit your file, save it
> away and reboot?

I didn't go into the specifics, partly because I'm not sure anymore. But I am
sure that the tools I needed were not in an off-the-shelf live image so that
rules out the booting from live option.

I wasn't debating the merits of the method, to be honest. I was giving a
real-life example of avoiding leaking data to your hard disk.

Peter.

-- 
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at http://wwwhome.cs.utwente.nl/~lebbing/pubkey.txt