Libsecrm (LIBrary for SECure ReMoval) is a library which partially
(read below for limitations)
ensures secure data deleting by intercepting calls to some C library functions and
replacing them by its own substitutes.
The data that would be deleted from a file is first securely wiped, then the
original functions are called. This way, LibSecRm protects your sensitive
deleted data from being recovered.
Libsecrm partially also takes care about memory security - some of the memory
allocation functions are intercepted, and the allocated memory is wiped before
passing it to the calling program.
Requirements for compiling:
- a non-root account. Please, NEVER compile or 'make' anything as root.
- a working C compiler (C++ compilers won't work due to variable casts)
- development package for the C library (like glibc-devel and glibc-headers)
with the signal.h and (especially) fcntl.h, unistd.h and sys/stat.h headers.
- Note that some glibc versions (2.11 is known of this) have a bug in their
dl(v)sym implementation, which may cause LibSecRm to hang during searching
for the original versions of the substituted C functions. If you observe
this, it is best to upgrade glibc. If not possible, you can start deleting
substituted functions from open() and check each time it your current
version started to work (yes, this decreases security).
- The unistd.h contains functions needed for wiping to work at all. Nothing
will be done if this file is missing.
- The sys/stat.h contains functions needed to check the wiped object's type.
Libsecrm will wipe only regular files. If this file is missing, nothing can
- The dlfcn.h header contains functions needed to call the original functions.
It has to have RTLD_NEXT defined. Libsecrm wouldn't work without this, so it
won't compile without this.
- The fcntl header has functions needed to prevent wiping files that are
set to be deleted, but still open. It has to have F_SETLEASE, F_GETSIG and
F_SETSIG defined in it (this is available on GNU/Linux, but may not be
available everywhere) for this feature to work.
Libsecrm will work without this, but strange things may happen. If you don't
have this, put /bin/bash in the program ban file and "ICE" (without the
double quotes) in the file ban file (read the "Manual configuration" chapter
in the "info" documentation).
- libdl, the dynamic loading library, with its development package
(unless the required functions are in the C library)
./configure to configure the library for your system.
If you want to enable the public interface of LibSecRm, configure the
The public interface is compatible with SWIG, so
you can make native bindings to LibSecRm for any supported language.
make to compile the library.
Documentation comes complied (and can be copied right away), but can be changed
and recompiled, if you have the
makeinfo program (
make install to install the library. Read the docs on how to make the library running.
info libsecrm (after installation) or
(before installation) to get help.
- libc.so.6 (GLIBC_2.7)
- libdl.so.2 (GLIBC_2.1)
Libsecrm has been added to
Softpedia Mac and
LibSecRm has been added to
and has received the Famous Software Award
THE LIBRARY HAS BEEN TESTED, BUT IT MAY NOW OR LATER CONTAIN ERRORS, WHICH MAY LEAD TO
UNINTENTIONAL DATA LOSS. READ THE LICENSE FOR A WARRANTY (THERE IS NONE).
Libsecrm can do nothing if:
- The program using libsecrm has no write permissions to the file
- A program is using direct kernel calls, filesystem calls or non-standard calls,
thus bypassing even the C library
- Libsecrm is not loaded (read the "Installing" chapter in the "info" docs).
- A program is linked statically (so it doesn't use shared libraries and has all
the functions compiled in it).
- The operating system doesn't support shared libraries (like DOS)
- The operating system doesn't support preloading shared libraries before system libraries.
- Libsecrm is enabled by setting environment variables and a program is launched by another
program, which clears the environment
variables used by the dynamic linker, so the dynamic linker doesn't preload
Libsecrm. Some Java Runtime Environments seem to do this.
LibSecRm compiles on the following systems:
- Fedora Core 4 GNU/Linux (i686 CPU) - versions up to 1.3 (later not checked)
- Fedora 12 GNU/Linux (i686 CPU) - versions from 1.4 (earlier not checked)
- Mandriva 2008.1 GNU/Linux (i686 CPU)
- Mandriva 2011 GNU/Linux (i686 CPU) - version 1.6 (earlier and later not checked)
- OpenBSD 3.8 (x86 CPU) - versions up to 1.4 (later not checked)
- Debian 5.0 GNU/Linux (x86 CPU) - versions from 1.5 (earlier not checked)
Current version is 2.5.
Download this at SourceForge.
My projects on SourceForge
- Wipe Free Space - a
program for cleaning of free space on filesystems
- LibSecRm - a security
wrapper library for C library functions which insecurely delete data
- JYMAG - a program for Sagem mobile phones
- IMYplay - a program
for playing iMelody ringtones (IMY files) and an IMY-to-MIDI converter
- LibHideIP - a security wrapper
library for C library functions which could lead to revealing your local IP address
- LibNetBlock - a security wrapper
library that ensures that no program under its control can access the network
My other software
See my other free software:
See also my assembly-related free software:
- KonqSec - a set of Konqueror security-related context menu entries
- SOAP Service Tester - a program for testing SOAP services
- Certificate and key generators
- E-mail address verifier
- LastMod - a script that inserts or updates a META element with the
Last-Modified HTTP header
- Atom2Rss - a script that converts an Atom channel XML file
to an RSS 2.0 XML file
- List2Atom - a script that generates an Atom channel XML file from a list of files
- InSyTrack - software to track program flow (calls) across libraries,
threads, programming languages or even different systems on different
- AsmDoc - a HTML documentation generator for assembly language
- source converters between NASM, FASM and GAS
- C header to assembly header converters
- Kate/KWrite syntax highlighting for NASM/FASM
- some FASM macros
- Makefile generator for FASM
- Linux 2.6 kernel module helper for FASM
- A set of Autoconf macros
- Assembly converter for Doxygen
- Asm::X86 Perl module
Contact me: bogdro AT users . sourceforge . net (English accepted, just say '[SOFT]' in the title).
My public certificate:
Certificate MD5 fingerprint:
Certificate SHA1 fingerprint:
Issuer certificate: der format
Issuer certificate MD5 fingerprint:
Issuer certificate SHA1 fingerprint:
Revocation list of the previous certificates:
My public GnuPG /
Key SHA1 fingerprint:
E91E 699F 1026 D0EF 745E EC3B 353A D368 1C56 DA1E
This page is hosted at SourceForge.net.
This page is written using valid
, for all browsers:
This page uses a valid
This page has a content security policy.
This page doesn't use GIF images
and doesn't use JPG images.