Educause Security Discussion mailing list archives
Re: Secure Delete for Mac
From: Zachary Yamada <zachary.yamada () CHEMEKETA EDU>
Date: Tue, 16 Oct 2018 13:00:02 -0700
I have to second Frank Barton's statement. Not only will using rm -P, srm, or shred increase the wear and tear on an SSD, but it's not as effective on a modern SSD as it would be on a first-gen SSD or traditional spinning disk. It's my understanding that most modern SSDs use "wear-leveling" which results in writes to consistent files or inodes being written to different locations on-chip. So, even if you are overwriting a file on your system the physical location on the SSD where the new data is being written to will be different from the location of the data which is being overwritten from the OS perspective. The silver lining here is that TRIM-enabled SSDs should automatically clear data that has been "overwritten" by data written to a different section of the SSD's memory.

On top of this, I would like to caution everyone in this thread on trusting utilities such as rm (with the -P flag), srm, and shred when used on operating systems with a journaled file system (such as those used by default in OSX and most modern Linux distributions). In fact, the documentation for both srm and shred provides warnings in regards to this:

From shred's man page:

CAUTION: Note that shred relies on a very important assumption: that the file system overwrites data in place. This is the traditional way to do things, but many modern file system designs do not satisfy this assumption. The following are examples of file systems on which shred is not effective, or is not guaranteed to be effective in all file system modes:

* log-structured or journaled file systems, such as those supplied with AIX and Solaris (and JFS, ReiserFS, XFS, Ext3, etc.)

And from srm's README on SourceForge:

All users, but especially Linux users, should be aware that srm will only work on file systems that overwrite blocks in place. In particular, it will *NOT* work on reiserfs or the vast majority of journaled file systems. It should work on ext2, FAT-based file systems, and the BSD native file system. On ext3 srm will try to disable journaling of data, see the verbose output if this fails.

Unfortunately, I don't have a solution for the original question posted in this thread. While I hate to be a naysayer who doesn't offer any solutions, I would hate for any of us to fall into a false sense of security in believing that shred, srm, or rm is securely deleting data in environments where it might not.

Best,
Zachary Yamada, CEH, CHFI
Chemeketa Community College
Information Security Team Lead
503.584.7367
zachary.yamada () chemeketa edu

On Tue, Oct 16, 2018 at 12:35 PM Ladwig, John M <John.Ladwig () minnstate edu> wrote:

The now-removed srm(1) did do better than that; pity:

-m, --medium
overwrite the file with 7 US DoD compliant passes (0xF6, 0x00, 0xFF, random, 0x00, 0xFF, random)

The -s option overrides the -m option, if both are present. If neither is specified, the 35-pass Gutmann algorithm is used.

*From:* The EDUCAUSE Security Community Group Listserv [mailto: SECURITY () LISTSERV EDUCAUSE EDU] *On Behalf Of *Bellot, Clayton H
*Sent:* Tuesday, October 16, 2018 2:17 PM
*To:* SECURITY () LISTSERV EDUCAUSE EDU
*Subject:* Re: [SECURITY] Secure Delete for Mac

From the Terminal on 10.14, you should be able to use the “-P” switch with the rm command:

“Overwrite regular files before deleting them. Files are overwritten three times, first with the byte pattern 0xff, then 0x00, and then 0xff again, before they are deleted.”

Hope this helps,
Clayton

*From: *The EDUCAUSE Security Community Group Listserv < SECURITY () LISTSERV EDUCAUSE EDU> on behalf of Chad Tracy <ctracy () BATES EDU>
*Reply-To: *The EDUCAUSE Security Community Group Listserv < SECURITY () LISTSERV EDUCAUSE EDU>
*Date: *Tuesday, October 16, 2018 at 12:56
*To: *"SECURITY () LISTSERV EDUCAUSE EDU" <SECURITY () LISTSERV EDUCAUSE EDU>
*Subject: *[SECURITY] Secure Delete for Mac

Apologies if this was hit in a previous post. I am looking to take the pulse of the group regarding secure delete solution for Mac. I understand that it was removed in a previous version. I am hoping there is something similar to Eraser for Windows?

Thoughts?

Cheers,
Chad

--
Chad Tracy
Director of Information Security, Policy and Compliance
Bates College
207 786-6491

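Added example, not part of the original thread: a pre-flight check that applies the two caveats in Zachary Yamada's message (file systems that do not overwrite in place, and wear-leveling on SSDs) before an overwrite tool is trusted for a given path. It parses text in Linux /proc/mounts format; the function names, the mapping of "FAT-based" and "BSD native" to `vfat`, `msdos` and `ufs`, and the `rotational` flag (as a caller would read it from /sys/block/<disk>/queue/rotational) are assumptions.

```python
import re

# Types named as problematic in the shred man page and srm README quoted above.
NOT_IN_PLACE = {"jfs", "reiserfs", "xfs", "ext3"}
# Assumed /proc/mounts names for "ext2, FAT-based, BSD native" from the srm README.
IN_PLACE = {"ext2", "vfat", "msdos", "ufs"}

def _unescape(field):
    # /proc/mounts encodes space, tab, newline and backslash as \ooo octal.
    return re.sub(r"\\([0-7]{3})", lambda m: chr(int(m.group(1), 8)), field)

def find_mount(path, mounts_text):
    """Return (device, mountpoint, fstype) for an absolute, normalized path."""
    best = None
    for line in mounts_text.splitlines():
        parts = line.split()
        if len(parts) < 3:
            continue
        dev, mp, fstype = _unescape(parts[0]), _unescape(parts[1]), parts[2]
        # Match on a path boundary so /mnt/usb does not claim /mnt/usbstick.
        inside = path == mp or path.startswith(mp.rstrip("/") + "/")
        # Longest mount point wins; on a tie the later line (mounted on top) wins.
        if inside and (best is None or len(mp) >= len(best[1])):
            best = (dev, mp, fstype)
    return best

def overwrite_concerns(path, mounts_text, rotational):
    """Reasons not to trust shred/srm/rm -P for path; an empty list means none known."""
    mount = find_mount(path, mounts_text)
    if mount is None:
        return ["no mount found for path"]
    concerns = []
    fstype = mount[2].lower()
    if fstype in NOT_IN_PLACE:
        concerns.append(f"{fstype}: named as not overwriting in place")
    elif fstype not in IN_PLACE:
        # Anything not explicitly listed as in-place is treated as unconfirmed.
        concerns.append(f"{fstype}: in-place overwrite not confirmed")
    if not rotational:
        concerns.append("non-rotational device: wear-leveling may relocate writes")
    return concerns

# Constructed sample in /proc/mounts format (not taken from a real system).
SAMPLE_MOUNTS = """\
/dev/sda1 / ext3 rw,relatime 0 0
/dev/sdb1 /mnt/usb vfat rw 0 0
/dev/nvme0n1p2 /home/my\\040data xfs rw 0 0
"""
```

An empty result only means that neither caveat from the thread applies; it is not proof that the overwrite reached the original blocks.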
Current thread:
- Secure Delete for Mac Chad Tracy (Oct 16)
- Re: Secure Delete for Mac Bellot, Clayton H (Oct 16)
- Re: Secure Delete for Mac Frank Barton (Oct 16)
- Re: Secure Delete for Mac Ladwig, John M (Oct 16)
- Re: Secure Delete for Mac Zachary Yamada (Oct 16)
- Re: Secure Delete for Mac Frank Barton (Oct 16)
- Re: Secure Delete for Mac Tim Doty (Dec 18)
- Re: Secure Delete for Mac Bellot, Clayton H (Oct 16)