LibSecRm is a library which partially (read below for limitations) ensures secure data deleting by intercepting calls to some C library functions and replacing them by its own substitutes.

The data that would be deleted from a file is first securely wiped, then the original functions are called.

Libsecrm partially also takes care about memory security - some of the memory allocation functions are intercepted, and the allocated memory is wiped before passing it to the calling program.

Requirements for compiling:

* a non-root account. Please, NEVER compile or 'make' anything as root.
* a working C compiler
* development package for the C library (like glibc-devel and glibc-headers) with the signal.h and (especially) fcntl.h, unistd.h and sys/stat.h headers.

The unistd.h contains functions needed for wiping to work at all. Nothing will be done if this file is missing.

The sys/stat.h contains functions needed to check the wiped object's type. Libsecrm will wipe only regular files. If this file is missing, nothing can be wiped.

The dlfcn.h header contains functions needed to call the original functions. It has to have RTLD_NEXT defined. Libsecrm wouldn't work without this, so it won't compile without this.

The fcntl header has functions needed to prevent wiping files that are set to be deleted, but still open. It has to have F_SETLEASE, F_GETSIG and F_SETSIG defined in it (this is available on GNU/Linux, but may not be available everywhere) for this feature to work. Libsecrm will work without this, but strange things may happen. If you don't have this, put /bin/bash in the program ban file and "ICE" (without the double quotes) in the file ban file (read the "Manual configuration" chapter in the "info" documentation).

* libdl, the dynamic loading library, with its development package (unless the required functions are in the C library)
* the 'make' program

Type './configure' to configure the program for your system.

Type 'make' to compile the program. Documentation comes complied (and can be copied right away), but can be changed and recompiled, if you have the 'makeinfo' program ('texinfo' package).

Type 'make install' to install the program. Read the docs on how to make the program running.

Type 'info libsecrm' (after installation) or 'info doc/libsecrm.info' (before installation) to get help.

RPM dependencies:

* libc.so.6 (GLIBC_2.2)

THE LIBRARY HAS BEEN TESTED, BUT IT MAY NOW OR LATER CONTAIN ERRORS, WHICH MAY LEAD TO UNINTENTIONAL DATA LOSS. READ THE LICENSE FOR A WARRANTY (THERE IS NONE).


Product's homepage

Limitations:

· The program using libsecrm has no write permissions to the file
· A program is using direct kernel calls, filesystem calls or non-standard calls, thus bypassing even the C library
· Libsecrm is not loaded (read the "Installing" chapter in the "info" docs).
· A program is linked statically (so it doesn't use shared libraries and has all the functions compiled in it).
· The operating system doesn't support shared libraries (like DOS)
· The operating system doesn't support preloading shared libraries before system libraries.

What's New in This Release: [ read full changelog ]

· Wiping freed memory, option to wipe with zeros, fixes in distribution packages.