is "rm" Operation safely for delete file?

[jonsec]

i want deleting some security file in OpenBSD. is usage of `rm` safe and not be recovered?

[bsd-keith]

I believe any deleted file is still recoverable until overwritten, on any O/S, the space is just marked as available for reuse normally.

[jggimi]

See the -P option description in the rm(1) man page.

[LeFrettchen]

Even overwritten, you still can undelete files.
I did when our iMac crashed, I recovered several very old and overwritten files from Windows, Mac or OBSD partitions.

[CiotBSD]

@LeFrettchen: even with using -P option?
I will be very surprised!

[jggimi]

Quote:

Originally Posted by LeFrettchen

Even overwritten, you still can undelete files.

No, not when the stored sectors are replaced with other data. A 100% "undelete" can only be accomplished when 100% of the data sectors have never been overlaid, and pointers to the data are re-established.

Quote:

Originally Posted by CiotBSD

@LeFrettchen: even with using -P option?
I will be very surprised!

This, exactly. $ rm -P <file> writes random bytes into the data sectors of <file>.

---

Both magnetic and solid state drive electronics will replace bad sectors with spare unused sectors, automatically, after any permanent read failure of the sector, if the failed sector address is written to again by an OS, such as after reformmatting and restoring a drive which has previously reported permanent read failures.

Those un-addressable bad sectors remain on the drive, unreadable by any OS, for the lifetime of the drive. I suppose that a drive's Data Security Erase operation should attempt to write over these un-addressable bad sectors, but even if my supposition is correct, the permanent failure mode may not overwrite and leave prior data on these sectors which may be readable in a laboratory environment: e.g., with replaced drive electronics. So physical destruction of a drive is recommended at end-of-life if a laboratory analysis attack is a possible threat vector and either a) the drive has failed in service, or b) the drive still functions and the drive electronics reports it has replaced sectors via the drive's S.M.A.R.T. report.

---

Full Disk Encryption can help alleviate the post-disk-use physical threat vector discussed above, as well as data-at-rest considerations for physical loss or for theft. But it doesn't help with running systems. There one can use rm(1) with -P to overlay sectors. On OpenBSD, I'm not certain of the threat vector if -P is not used, because I'm not sure how a process that's not the superuser or a member of the operator group will be able to read unassigned sectors.

[jggimi]

Yes, my supposition was correct. From Wikipedia:

Quote:

The ATA standard clearly identifies that the Sanitization operations must address user data areas, user data areas not currently allocated (including “previously allocated areas and physical sectors that have become inaccessible”), and user data caches.

So any of the various Sanitize commands will attempt to eliminate data on inaccessible sectors. Whether successful or not.

Data Security Erase is an overwrite for magnetic media, Sanitize Block Erase is an electrical "wipe" for SSD.