Libsecrm (LIBrary for SECure ReMoval) is a library which partially
(read below for limitations)
ensures secure data deleting by intercepting calls to some C library functions and
replacing them by its own substitutes.
The data that would be deleted from a file is first securely wiped, then the
original functions are called. This way, LibSecRm protects your sensitive
deleted data from being recovered.
Libsecrm partially also takes care about memory security - some of the memory
allocation functions are intercepted, and the allocated memory is wiped before
passing it to the calling program.
Requirements for compiling:
- a non-root account. Please, NEVER compile or 'make' anything as root.
- a working C compiler
- development package for the C library (like glibc-devel and glibc-headers)
with the signal.h and (especially) fcntl.h, unistd.h and sys/stat.h headers.
The unistd.h contains functions needed for wiping to work at all. Nothing
will be done if this file is missing.
The sys/stat.h contains functions needed to check the wiped object's type.
Libsecrm will wipe only regular files. If this file is missing, nothing can
The dlfcn.h header contains functions needed to call the original functions.
It has to have RTLD_NEXT defined. Libsecrm wouldn't work without this, so it
won't compile without this.
The fcntl header has functions needed to prevent wiping files that are
set to be deleted, but still open. It has to have F_SETLEASE, F_GETSIG and
F_SETSIG defined in it (this is available on GNU/Linux, but may not be
available everywhere) for this feature to work.
Libsecrm will work without this, but strange things may happen. If you don't
have this, put /bin/bash in the program ban file and "ICE" (without the
double quotes) in the file ban file (read the "Manual configuration" chapter
in the "info" documentation).
- libdl, the dynamic loading library, with its development package
(unless the required functions are in the C library)
./configure to configure the library for your system.
make to compile the library.
Documentation comes complied (and can be copied right away), but can be changed
and recompiled, if you have the 'makeinfo' program ('texinfo' package).
make install to install the library. Read the docs on how to make the library running.
info libsecrm (after installation) or
(before installation) to get help.
Libsecrm has been added to
Softpedia Mac and
LibSecRm has been added to
and has received the Famous Software Award
THE LIBRARY HAS BEEN TESTED, BUT IT MAY NOW OR LATER CONTAIN ERRORS, WHICH MAY LEAD TO
UNINTENTIONAL DATA LOSS. READ THE LICENSE FOR A WARRANTY (THERE IS NONE).
Libsecrm can do nothing if:
- The program using libsecrm has no write permissions to the file
- A program is using direct kernel calls, filesystem calls or non-standard calls,
thus bypassing even the C library
- Libsecrm is not loaded (read the "Installing" chapter in the "info" docs).
- A program is linked statically (so it doesn't use shared libraries and has all
the functions compiled in it).
- The operating system doesn't support shared libraries (like DOS)
- The operating system doesn't support preloading shared libraries before system libraries.
- Libsecrm is enabled by setting environment variables and a program is launched by another
program, which clears the environment
variables used by the dynamic linker, so the dynamic linker doesn't preload
Libsecrm. Some Java Runtime Environments seem to do this.
Screenshots of LibSecRm
Available at SourceForge.
LibSecRm compiles on the following systems:
- Fedora Core 4 GNU/Linux (i686 CPU) - versions up to 1.3 (later not checked)
- Fedora 12 GNU/Linux (i686 CPU) - versions from 1.4 (earlier not checked)
- Mandriva 2008.1 GNU/Linux (i686 CPU)
- Mandriva 2011 GNU/Linux (i686 CPU) - version 1.6 (earlier and later not checked)
- OpenBSD 3.8 (x86 CPU) - versions up to 1.4 (later not checked)
- Debian 5.0 GNU/Linux (x86 CPU) - versions from 1.5 (earlier not checked)
Current version is 1.9.
Download this at SourceForge.
My other software
Check out Wipe Free Space, IMYplay, LibHideIP, LibNetBlock and JYMAG on SourceForge.
See my other free software:
See also my assembly-related free software:
- KonqSec - a set of Konqueror security-related context menu entries
- SOAP Service Tester - a program for testing SOAP services
- Certificate and key generators
- E-mail address verifier
- LastMod - a script that inserts or updates a META element with the
Last-Modified HTTP header
- Atom2Rss - a script that converts an Atom channel XML file
to an RSS 2.0 XML file
- List2Atom - a script that generates an Atom channel XML file from a list of files
- InSyTrack - software to track program flow (calls) across libraries,
threads, programming languages or even different systems on different
- AsmDoc - a HTML documentation generator for assembly language
- source converters between NASM, FASM and GAS
- C header to assembly header converters
- Kate/KWrite syntax highlighting for NASM/FASM
- some FASM macros
- Makefile generator for FASM
- Linux 2.6 kernel module helper for FASM
- A set of Autoconf macros
- Assembly converter for Doxygen
- Asm::X86 Perl module
My GPG/PGP key
GnuPG/PGP key used to sign the packages:
Number: 1C56DA1E, SHA1 fingerprint: E91E 699F 1026 D0EF 745E EC3B 353A D368 1C56 DA1E
Contact me: bogdro AT users . sourceforge . net (English accepted, just say '[SOFT]' in the title).
GnuPG/PGP key the same as above.
This page is hosted at SourceForge.net.
This page is written using valid
, for all browsers:
This page uses a valid
This page doesn't use GIF images
and doesn't use JPG images.