FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Redhat > Fedora User

 
 
LinkBack Thread Tools
 
Old 12-05-2007, 09:58 AM
Mike C
 
Default The shred command and security?

In the event that you want to give a Fedora machine to a friend but want to
remove sensitive files first, an obvious tool is the shred command.

However the man page for shred says:

"CAUTION: Note that shred relies on a very important assumption: that the
file system overwrites data in place. This is the traditional way to do
things, but many modern file system designs do not satisfy this assumption.
The following are examples of file systems on which shred is not effective,
or is not guaranteed to be effective in all file system modes:

* log-structured or journaled file systems, such as those supplied with AIX
and Solaris (and JFS, ReiserFS, XFS, Ext3, etc.)"

But further down it also says:

"In the case of ext3 file systems, the above disclaimer applies (and shred
is thus of limited effectiveness) only in data=journal mode, which journals
file data in addition to just metadata. In both the data=ordered (default)
and data=writeback modes, shred works as usual."

So I presume that if you have a default system using ext3 then the shred command
does give safe deletion?

Are there any other commands that will securely delete files/directories?

--
fedora-list mailing list
fedora-list@redhat.com
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
 
Old 12-05-2007, 10:13 AM
Todd Zullinger
 
Default The shred command and security?

Mike C wrote:
> So I presume that if you have a default system using ext3 then the
> shred command does give safe deletion?

I think that's a reasonable assumption.

> Are there any other commands that will securely delete
> files/directories?

If you want much more secure deletion, take a look at DBAN:

http://dban.sourceforge.net/

Another option is to use disk encryption. Then you could give your
disk away without deleting or wiping anything and still be secure.

--
Todd OpenPGP -> KeyID: 0xBEAF0CE3 | URL: www.pobox.com/~tmz/pgp
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~
Well at first I was skeptical but then I thought I could be like
Hillary Clinton, just without the penis.
-- Lois Griffin, The Family Guy

--
fedora-list mailing list
fedora-list@redhat.com
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
 
Old 12-05-2007, 01:11 PM
Mike C
 
Default The shred command and security?

Todd Zullinger <tmz <at> pobox.com> writes:

> If you want much more secure deletion, take a look at DBAN:
>
> http://dban.sourceforge.net/
>
> Another option is to use disk encryption. Then you could give your
> disk away without deleting or wiping anything and still be secure.

Yes I am aware of both these which are great for total inaccessibility to
others for an entire disk. In this case I was looking for deletion of a
small number of files which may have sensitive info but to retain the
system, including the HD, in a working fashion for the new owner.

Thanks for the reply though.





--
fedora-list mailing list
fedora-list@redhat.com
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
 
Old 12-05-2007, 02:00 PM
Tim
 
Default The shred command and security?

On Wed, 2007-12-05 at 14:11 +0000, Mike C wrote:
> In this case I was looking for deletion of a small number of files
> which may have sensitive info but to retain the system, including the
> HD, in a working fashion for the new owner.

If you only care about making it hard for someone to casually undelete
something, and aren't after high security wiping, there's options like:

Remount without journalling, e.g. as ext2, then shred.

Delete the files, fill the drive to capacity from /dev/random
or /dev/zero, then delete the filler.

If /home is a partition, reformat it. (Actually format, not just the
usual pretend format that is usually done on hard drives, these days.)

The second has the potential to hang your system, if it needs some drive
space while you're in the middle of doing it.

--
(This computer runs FC7, my others run FC4, FC5 & FC6, in case that's
important to the thread.)

Don't send private replies to my address, the mailbox is ignored.
I read messages from the public lists.

--
fedora-list mailing list
fedora-list@redhat.com
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
 
Old 12-05-2007, 02:01 PM
Alan Cox
 
Default The shred command and security?

> Yes I am aware of both these which are great for total inaccessibility to
> others for an entire disk. In this case I was looking for deletion of a
> small number of files which may have sensitive info but to retain the
> system, including the HD, in a working fashion for the new owner.

The disk itself doesn't provide this facility. Because of the way files
can get relocated, data can end up in swap etc it would be a bad idea at
the Linux level.

At the hardware level you are not guaranteed that a disk will choose to
use the same physical block for the same logical block so the only proper
way to do erasure is to issue a secure erase command to the drive (if
supported), this will erase the entire media.

--
fedora-list mailing list
fedora-list@redhat.com
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
 
Old 12-05-2007, 04:42 PM
Bruno Wolff III
 
Default The shred command and security?

On Wed, Dec 05, 2007 at 10:58:09 +0000,
Mike C <mike.cloaked@gmail.com> wrote:
> In the event that you want to give a Fedora machine to a friend but want to
> remove sensitive files first, an obvious tool is the shred command.

An easy way to do this is to boot with a livecd and the copy /dev/zero to
the raw disk devices (or use a destructive write test with badblocks). Once
that is complete do a fresh install.

Recovering data from reallocated (by the disk drive) sectors (if you even
have any) would be difficult and would not normally be much data. Recovering
data by looking at the platter with say an electron microscope and trying
to recover traces of old data isn't going to be economically feasible.

--
fedora-list mailing list
fedora-list@redhat.com
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
 
Old 12-05-2007, 04:42 PM
Bruno Wolff III
 
Default The shred command and security?

On Wed, Dec 05, 2007 at 10:58:09 +0000,
Mike C <mike.cloaked@gmail.com> wrote:
> In the event that you want to give a Fedora machine to a friend but want to
> remove sensitive files first, an obvious tool is the shred command.

An easy way to do this is to boot with a livecd and the copy /dev/zero to
the raw disk devices (or use a destructive write test with badblocks). Once
that is complete do a fresh install.

Recovering data from reallocated (by the disk drive) sectors (if you even
have any) would be difficult and would not normally be much data. Recovering
data by looking at the platter with say an electron microscope and trying
to recover traces of old data isn't going to be economically feasible.

--
fedora-list mailing list
fedora-list@redhat.com
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
 
Old 12-05-2007, 04:42 PM
Bruno Wolff III
 
Default The shred command and security?

On Wed, Dec 05, 2007 at 10:58:09 +0000,
Mike C <mike.cloaked@gmail.com> wrote:
> In the event that you want to give a Fedora machine to a friend but want to
> remove sensitive files first, an obvious tool is the shred command.

An easy way to do this is to boot with a livecd and the copy /dev/zero to
the raw disk devices (or use a destructive write test with badblocks). Once
that is complete do a fresh install.

Recovering data from reallocated (by the disk drive) sectors (if you even
have any) would be difficult and would not normally be much data. Recovering
data by looking at the platter with say an electron microscope and trying
to recover traces of old data isn't going to be economically feasible.

--
fedora-list mailing list
fedora-list@redhat.com
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
 
Old 12-05-2007, 04:42 PM
Bruno Wolff III
 
Default The shred command and security?

On Wed, Dec 05, 2007 at 10:58:09 +0000,
Mike C <mike.cloaked@gmail.com> wrote:
> In the event that you want to give a Fedora machine to a friend but want to
> remove sensitive files first, an obvious tool is the shred command.

An easy way to do this is to boot with a livecd and the copy /dev/zero to
the raw disk devices (or use a destructive write test with badblocks). Once
that is complete do a fresh install.

Recovering data from reallocated (by the disk drive) sectors (if you even
have any) would be difficult and would not normally be much data. Recovering
data by looking at the platter with say an electron microscope and trying
to recover traces of old data isn't going to be economically feasible.

--
fedora-list mailing list
fedora-list@redhat.com
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
 
Old 12-05-2007, 04:42 PM
Bruno Wolff III
 
Default The shred command and security?

On Wed, Dec 05, 2007 at 10:58:09 +0000,
Mike C <mike.cloaked@gmail.com> wrote:
> In the event that you want to give a Fedora machine to a friend but want to
> remove sensitive files first, an obvious tool is the shred command.

An easy way to do this is to boot with a livecd and the copy /dev/zero to
the raw disk devices (or use a destructive write test with badblocks). Once
that is complete do a fresh install.

Recovering data from reallocated (by the disk drive) sectors (if you even
have any) would be difficult and would not normally be much data. Recovering
data by looking at the platter with say an electron microscope and trying
to recover traces of old data isn't going to be economically feasible.

--
fedora-list mailing list
fedora-list@redhat.com
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
 

Thread Tools




All times are GMT. The time now is 08:03 AM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org