File: README.Debian

package info (click to toggle)
secure-delete 3.1-6
  • links: PTS
  • area: main
  • in suites: bullseye, buster, jessie, jessie-kfreebsd, stretch
  • size: 280 kB
  • ctags: 115
  • sloc: ansic: 1,316; makefile: 70; sh: 65
file content (56 lines) | stat: -rw-r--r-- 2,125 bytes parent folder | download | duplicates (2) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
 
secure-delete for Debian
------------------------

The original package and debian versions prio to  3.1-5 contained a utility
called smem that wiped memory. This utility seems to be of limited use and
clashes with another binary of the same name, it is therefore renamed to sdmem.

The source for secure_delete contains a 2.4 kernel module that turns every 
call to unlink() into a secure remove, this module is not yet part of this 
package for technical reasons. if you need it please "apt_get source 
secure-delete" and build it yourself for now.

Also note that securely wiping data from magnetic media is a difficult task and
depends a lot on the filesystem in question (among other things). So there is no
guarantee that this program will work in your configuration, but you can and
should check for yourself by creating a loopback filesystem, mountig it and
creating a file in it, then securely wiping it and grepping for it's contents in
the loopback file:

dd if=/dev/zero of=disk bs=4096 count=1024
mke2fs disk
losetup /dev/loop0 disk
mkdir test
mount /dev/loop0 test
cd test
for ((i=0; i<10000; i++))
do
	echo "ofenrohr" >> file;
done
cd ..
umount test
losetup -d /dev/loop0
grep "ofenrohr" disk
--> this should result in a "binary file disk matches"
losetup /dev/loop0 disk
mount /dev/loop0 test
cd test
srm file
cd ..
umount test
losetup -d /dev/loop0
grep "ofenrohr" disk
--> this should not find anything

Please make sure you use the correct filesystem type and options during the 
mkfs!

Another general problem of wiping data from disks is that most harddisks will
occasionally mark a sector as "bad" and copy it's contents to a new location
that the disk will pretend is at the original location. Since this is completely
transparent, there is no way to access these sectors without touching the disks
hardware. These sectors may then contain sensitive information that could be
retrieved from the disk. If you want better security, use an encrypting
filesystem (dm-crypt, loop-aes), and forget the key if you want to wipe it.

 -- Robert Lemmen <robertle@semistable.com>, Thu, 29 Jan 2004 18:09:26 +0100