Educause Security Discussion mailing list archives

Re: Secure Delete for Mac


From: Zachary Yamada <zachary.yamada () CHEMEKETA EDU>
Date: Tue, 16 Oct 2018 13:00:02 -0700

I have to second Frank Barton's statement. Not only will using rm -P, srm,
or shred increase the wear and tear on an SSD, but it's not as effective on
a modern SSD as it would be on a first-gen SSD or traditional spinning
disk. It's my understanding that most modern SSDs use "wear-leveling" which
results in writes to consistent files or inodes being written to different
locations on-chip. So, even if you are overwriting a file on your system
the physical location on the SSD where the new data is being written to
will be different from the location of the data which is being overwritten
from the OS perspective. The silver lining here is that TRIM-enabled SSDs
should automatically clear data that has been "overwritten" by data written
to a different section of the SSD's memory.

On top of this, I would like to caution everyone in this thread on trusting
utilities such as rm (with the -P flag), srm, and shred when used on
operating systems with a journaled file system (such as those used by
default in OSX and most modern Linux distributions). In fact, the
documentation for both srm and shred provides warnings in regard to this:

From shred's man page:

       CAUTION: Note that shred relies on a very important assumption: that
       the file system overwrites data in place. This is the traditional
       way to do things, but many modern file system designs do not satisfy
       this assumption. The following are examples of file systems on
       which shred is not effective, or is not guaranteed to be effective
       in all file system modes:

       * log-structured or journaled file systems, such as those supplied
         with AIX and Solaris (and JFS, ReiserFS, XFS, Ext3, etc.)


And from srm's README on SourceForge:

All users, but especially Linux users, should be aware that srm will only
work on file systems that overwrite blocks in place. In particular, it will
*NOT* work on reiserfs or the vast majority of journaled file systems. It
should work on ext2, FAT-based file systems, and the BSD native file
system. On ext3 srm will try to disable journaling of data, see the verbose
output if this fails.


Unfortunately, I don't have a solution for the original question posted in
this thread. While I hate to be a naysayer who doesn't offer any solutions,
I would hate for any of us to fall into a false sense of security in
believing that shred, srm, or rm is securely deleting data in environments
where it might not.

Best,

Zachary Yamada, CEH, CHFI
Chemeketa Community College
Information Security Team Lead
503.584.7367
zachary.yamada () chemeketa edu


On Tue, Oct 16, 2018 at 12:35 PM Ladwig, John M <John.Ladwig () minnstate edu>
wrote:

The now-removed srm(1) did do better than that; pity:



       -m, --medium
              overwrite the file with 7 US DoD compliant passes (0xF6,
              0x00, 0xFF, random, 0x00, 0xFF, random)

       The -s option overrides the -m option, if both are present. If
       neither is specified, the 35-pass Gutmann algorithm is used.





*From:* The EDUCAUSE Security Community Group Listserv [mailto:
SECURITY () LISTSERV EDUCAUSE EDU] *On Behalf Of *Bellot, Clayton H
*Sent:* Tuesday, October 16, 2018 2:17 PM
*To:* SECURITY () LISTSERV EDUCAUSE EDU
*Subject:* Re: [SECURITY] Secure Delete for Mac



From the Terminal on 10.14, you should be able to use the “-P” switch with
the rm command:



“Overwrite regular files before deleting them.  Files are overwritten
three times, first with the byte pattern 0xff, then 0x00, and then 0xff
again, before they are deleted.”



Hope this helps,

Clayton





*From: *The EDUCAUSE Security Community Group Listserv <
SECURITY () LISTSERV EDUCAUSE EDU> on behalf of Chad Tracy <ctracy () BATES EDU>
*Reply-To: *The EDUCAUSE Security Community Group Listserv <
SECURITY () LISTSERV EDUCAUSE EDU>
*Date: *Tuesday, October 16, 2018 at 12:56
*To: *"SECURITY () LISTSERV EDUCAUSE EDU" <SECURITY () LISTSERV EDUCAUSE EDU>
*Subject: *[SECURITY] Secure Delete for Mac



Apologies if this was hit in a previous post.



I am looking to take the pulse of the group regarding a secure delete
solution for Mac. I understand that it was removed in a previous version. I
am hoping there is something similar to Eraser for Windows?



Thoughts?



Cheers,



Chad



--

Chad Tracy

Director of Information Security, Policy and Compliance

Bates College

207 786-6491
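
An added example (not part of the thread, and not code from shred or srm): a Python check that finds which file system holds a path and maps it to the caveats quoted above from shred's man page and srm's README. The mount table is a constructed sample in Linux /proc/mounts format, and the type names vfat, msdos and ufs standing in for "FAT-based" and "BSD native" are assumptions.

```python
import posixpath

# Verdicts follow the two documents quoted in the thread. Type names are assumptions:
# vfat/msdos for "FAT-based file systems", ufs for "the BSD native file system".
IN_PLACE = {"ext2", "vfat", "msdos", "ufs"}
NOT_GUARANTEED = {"ext3", "xfs", "jfs", "reiserfs"}

# Constructed sample in /proc/mounts format: device, mount point, type, options, dump, pass.
SAMPLE_MOUNTS = """\
/dev/sda2 / ext3 rw,relatime 0 0
/dev/sda1 /boot ext2 rw,relatime 0 0
/dev/sdb1 /home xfs rw,noatime 0 0
/dev/sdc1 /mnt/usb\\040stick vfat rw,nosuid 0 0
/dev/sdd1 /srv/data btrfs rw 0 0
"""

def unescape(field):
    # /proc/mounts encodes space, tab, newline and backslash as octal escapes.
    for code, ch in (("\\040", " "), ("\\011", "\t"), ("\\012", "\n"), ("\\134", "\\")):
        field = field.replace(code, ch)
    return field

def fs_for_path(path, mounts_text):
    """Return (mount_point, fstype) for the longest mount point containing path."""
    path = posixpath.normpath(path)
    best = None
    for line in mounts_text.splitlines():
        parts = line.split()
        if len(parts) < 3:
            continue
        mnt, fstype = unescape(parts[1]), parts[2]
        # Match whole path components so /bootleg is not treated as inside /boot.
        inside = path == mnt or path.startswith(mnt.rstrip("/") + "/")
        if inside and (best is None or len(mnt) >= len(best[0])):
            best = (mnt, fstype)
    return best

def overwrite_verdict(path, mounts_text=SAMPLE_MOUNTS):
    """Classify whether an overwrite-based delete can rely on in-place writes."""
    hit = fs_for_path(path, mounts_text)
    fstype = hit[1].lower() if hit else ""
    if fstype in IN_PLACE:
        return "in-place"
    if fstype in NOT_GUARANTEED:
        return "not-guaranteed"
    return "unknown"  # not named in either document: do not assume in-place

if __name__ == "__main__":
    for p in ("/boot/vmlinuz", "/home/alice/grades.csv", "/srv/data/export.db"):
        print(p, "->", overwrite_verdict(p))
```

On a live Linux system, pass the contents of /proc/mounts as mounts_text; the verdict covers only the file system and says nothing about SSD wear-leveling, which the message above raises as a separate concern.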

