DaemonForums  

#1 jonsec, 28th March 2020

Is the "rm" operation safe for deleting files?

I want to delete some security files in OpenBSD. Is using `rm` safe, so that the files cannot be recovered?

#2 bsd-keith (Keith), 28th March 2020

I believe any deleted file is still recoverable until overwritten, on any O/S; the space is normally just marked as available for reuse.

#3 jggimi, 28th March 2020

See the -P option description in the rm(1) man page.

#4 LeFrettchen, 28th March 2020

Even overwritten, you still can undelete files.
I did when our iMac crashed, I recovered several very old and overwritten files from Windows, Mac or OBSD partitions.

#5 CiotBSD, 28th March 2020

@LeFrettchen: even with using -P option?
I will be very surprised!

#6 jggimi, 28th March 2020

> Originally Posted by LeFrettchen:
> Even overwritten, you still can undelete files.

No, not when the stored sectors are replaced with other data. A 100% "undelete" can only be accomplished when 100% of the data sectors have never been overlaid, and pointers to the data are re-established.

> Originally Posted by CiotBSD:
> @LeFrettchen: even with using -P option?
> I will be very surprised!

This, exactly. `$ rm -P <file>` writes random bytes into the data sectors of `<file>`.

---

Both magnetic and solid state drive electronics will replace bad sectors with spare unused sectors, automatically, after any permanent read failure of the sector, if the failed sector address is written to again by an OS, such as after reformatting and restoring a drive which has previously reported permanent read failures.

Those un-addressable bad sectors remain on the drive, unreadable by any OS, for the lifetime of the drive. I suppose that a drive's Data Security Erase operation should attempt to write over these un-addressable bad sectors, but even if my supposition is correct, the permanent failure mode may not overwrite and leave prior data on these sectors which may be readable in a laboratory environment: e.g., with replaced drive electronics. So physical destruction of a drive is recommended at end-of-life if a laboratory analysis attack is a possible threat vector and either a) the drive has failed in service, or b) the drive still functions and the drive electronics reports it has replaced sectors via the drive's S.M.A.R.T. report.

---

Full Disk Encryption can help alleviate the post-disk-use physical threat vector discussed above, as well as data-at-rest considerations for physical loss or for theft. But it doesn't help with running systems. There one can use rm(1) with -P to overlay sectors. On OpenBSD, I'm not certain of the threat vector if -P is not used, because I'm not sure how a process that's not the superuser or a member of the operator group will be able to read unassigned sectors.

Last edited by jggimi; 28th March 2020 at 04:00 PM. Reason: clarity, and added a section discussing FDE and other threat vectors

#7 jggimi, 28th March 2020

Yes, my supposition was correct. From Wikipedia:

> The ATA standard clearly identifies that the Sanitization operations must address user data areas, user data areas not currently allocated (including “previously allocated areas and physical sectors that have become inaccessible”), and user data caches.

So any of the various Sanitize commands will attempt to eliminate data on inaccessible sectors. Whether successful or not.

Data Security Erase is an overwrite for magnetic media, Sanitize Block Erase is an electrical "wipe" for SSD.

Last edited by jggimi; 28th March 2020 at 06:00 PM. Reason: clarity, as usual
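
Added example, not part of any post in this thread and not OpenBSD's `rm` source: a Python illustration of the difference the thread turns on, removing a name versus overwriting the data before removing it, as `rm -P` is described above. All function names are hypothetical, the secret is constructed sample data, an already-open read descriptor stands in for block-level access to the removed file, and refusing files with several hard links is a policy chosen for this example.

```python
import os
import stat
import tempfile

CHUNK = 64 * 1024  # overwrite in 64 KiB pieces


def plain_rm(path):
    """What rm without -P does: remove the name, leave the data blocks alone."""
    os.unlink(path)


def overwrite_and_unlink(path):
    """Overwrite a regular file in place with random bytes, then unlink it."""
    fd = os.open(path, os.O_WRONLY | getattr(os, "O_NOFOLLOW", 0))
    try:
        st = os.fstat(fd)
        if not stat.S_ISREG(st.st_mode):
            raise ValueError("not a regular file")
        if st.st_nlink > 1:
            # Example policy: the data is still in use under another name.
            raise ValueError("file has multiple hard links; not overwritten")
        remaining = st.st_size
        while remaining > 0:
            # os.write may be partial; count only what was actually written.
            remaining -= os.write(fd, os.urandom(min(CHUNK, remaining)))
        os.fsync(fd)  # ask the kernel to flush the new bytes before unlinking
    finally:
        os.close(fd)
    os.unlink(path)


def content_after_removal(secret, remover):
    """Return (name still exists, bytes an open descriptor reads) after removal."""
    fd, path = tempfile.mkstemp()
    os.write(fd, secret)
    os.close(fd)
    observer = os.open(path, os.O_RDONLY)  # stands in for block-level access
    try:
        remover(path)
        return os.path.exists(path), os.read(observer, len(secret))
    finally:
        os.close(observer)


if __name__ == "__main__":
    secret = b"constructed sample secret, not real data"
    print(content_after_removal(secret, plain_rm))
    print(content_after_removal(secret, overwrite_and_unlink))
```

The overwrite reaches only the blocks the filesystem currently maps to the file; the replaced, un-addressable sectors discussed in post #6 are outside its reach.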