From: Steve Reid
To: freebsd-security@freebsd.org
Date: Thu, 20 May 1999 15:44:42 -0700 (PDT)
Subject: re: secure deletion

Regarding the secure deletion thread...

Rm in FreeBSD (*BSD, I think) already has a -P option to overwrite files. "man 1 rm" for more info.

If you want to overwrite the empty space on your disk, to wipe files that have already been rm'ed, something like this is 98% effective:

    dd if=/dev/urandom of=foobar & (sleep 1; rm foobar)

The rm is supposed to happen before dd exits so that when dd finally bombs on a "disk full" error the space will automatically be freed. It isn't perfect, as partially used blocks won't have the unused portion overwritten, but most of the disk will be wiped.

Overwriting once is sufficient to prevent casual snooping. Using the rm and dd commands above would allow you to safely give your disk to a nosy friend, but is probably not enough to protect your deleted files from the FBI, the mafia, or corporate competitors.

If you're creating a new secure deletion program or kernel patch and want to do more than just a single overwrite you should read this paper:

    http://www.cs.auckland.ac.nz/~pgut001/pubs/secure_del.html

P.S. Don't forget swap space.
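
The free-space overwrite described in the message above, as an added example that is not part of the original post: the scratch file is opened and unlinked before any data is written, so the result does not depend on the "sleep 1" timing. The function name wipe_free_space, its optional MAX_KIB cap and the .wipe.XXXXXX file name are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original post).
#
# wipe_free_space DIR [MAX_KIB]
#   DIR      a directory on the filesystem whose free space is to be overwritten
#   MAX_KIB  optional cap in KiB for trial runs; 0 or omitted = run until full
# Prints the number of KiB written in complete chunks.
wipe_free_space() {
    wf_dir=$1
    wf_max=${2:-0}
    if [ ! -d "$wf_dir" ]; then
        echo "no such directory: $wf_dir" >&2
        return 2
    fi

    # Unpredictable name, created with restrictive permissions.
    wf_tmp=$(mktemp "$wf_dir/.wipe.XXXXXX") || return 2
    wf_done=0

    {
        # Descriptor 3 is already open on the file here, so the name can go
        # at once. The blocks stay allocated only while the descriptor is
        # open and are released when it closes, even if the run is killed.
        rm -f "$wf_tmp"

        while :; do
            wf_chunk=1024                      # write 1 MiB per dd call
            if [ "$wf_max" -gt 0 ]; then
                wf_left=$((wf_max - wf_done))
                if [ "$wf_left" -le 0 ]; then break; fi
                if [ "$wf_left" -lt "$wf_chunk" ]; then wf_chunk=$wf_left; fi
            fi
            # dd exits non-zero on "disk full"; that ends the loop.
            dd if=/dev/urandom bs=1024 count="$wf_chunk" >&3 2>/dev/null || break
            wf_done=$((wf_done + wf_chunk))
        done
    } 3>"$wf_tmp"

    echo "$wf_done"
}
```

Run without MAX_KIB, the loop stops at the first "disk full" error, which the system's other processes will also see until the descriptor closes. As the message notes, the unused tail of partially used blocks is not overwritten by this approach.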