Linux

48229 readers

962 users here now

From Wikipedia, the free encyclopedia

Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).

Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word "Linux" in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.

Rules

Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.
No misinformation
No NSFW content
No hate speech, bigotry, etc

Related Communities

Community icon by Alpár-Etele Méder, licensed under CC BY 3.0

founded 5 years ago

MODERATORS

[email protected]

How to prevent files from being displaced? This protection should (somehow) persist through disk cloning. (discuss.online)

submitted 4 months ago* (last edited 4 months ago) by [email protected] to c/[email protected]

55 comments fedilink hide all child comments

(More) Specifics:

Undoing the protection should include filling in a password.
The password should be different from the one used with sudo or any other passwords that are used for acquiring elevated privileges.

All (possible) solutions and suggestions are welcome! Thanks in advance!

Edit: Perhaps additional specifications:

With 'displace‘, I mean anything involving that resembles the result of mv, cp (move, cut, copy) or whatsoever. The files should remain in their previously assigned locations/places and should not be able to 'pop up' anywhere.
I require for the files to be unreadable.
I don't care if it's modifiable or not.
I don't require this for my whole system! Only for a specific set of files.

you are viewing a single comment's thread
view the rest of the comments

[–] [email protected] 4 points 4 months ago (1 children)

Then, what prevents whosoever, to copy that file through cloning the complete disk?

Nothing. At most, you can have a hardware encrypted drive that won't permit access to the encrypted data without a password, but the file will remain available after unlocking that. Plus, dedicated people (law enforcement, data recovery specialists) may be able to get access to the flash chip itself unless you buy one that self destruct on any tampering attempts (and even those have flaws).

You cannot prevent copying of data if that data is readable at disk level. At most, you can make the data useless by padding a layer of encryption (as well-encrypted data may as well be random data without the key material). That's why everyone is going for encryption: encrypted files may as well be inaccessible to anyone who doesn't know the passphrase. There's no sense in copying a file which you cannot possibly read any bytes from.

If the key is gone (i.e. the real key is a password protected file that gets overwritten so even the password doesn't work anymore), the file becomes irretrievable. This is sometimes called "cryptographic erase" in the context of disks. There are variations of this, for instance, storing the key in the computer's processor (fTPM) behind a password, and clearing that key out. There's no way to get the key out of the fTPM so it cannot be backed up. Even if someone were to guess your password, the file will forever remain locked. Or at least until someone manages to break all cryptography, but even quantum computers don't know how to do that part yet.

If you're willing to go deep, you could reprogram the firmware on your SSD/HDD to refuse reading the file. A few years back, someone made a proof of concept firmware that detected disk imaging attempts (because all blocks on the disk were read in order) and had the firmware return garbage while secretly wiping the disk when this detection triggered. You could, in theory, write firmware that refuses to read that block of data. However, if whoever you're hiding this file from know about that, they can take out the platter/memory chips and dump them directly, bypassing your firmware entirely.

[–] [email protected] 3 points 4 months ago

Very informative. I appreciate it!