list at xenhideout.nl
Sun Dec 3 09:03:37 UTC 2017
Ralf Mardorf schreef op 03-12-2017 9:31:
> HDD's firmware might copy and move data, so a simple shred command,
> even for a default mounted (not data) journaling ext file system
> to be an issue
The bigger concern is really user space programs that leave copies
not HDD firmware because not everyone is going to take a harddrive apart
to search for information.
But you are right that "shred" might not do the job.
It's just not for reasons of hardware.
> but indeed
> http://manpages.ubuntu.com/manpages/xenial/man1/sfill.1.html seemingly
> is working around this issue, but software that "shred"s data usually
> doesn't call sfill, too.
Well that's true, and I'm not saying that caution is unwarranted, but
only real information can help people stay safe.
In this case:
* I once searched an ext4 filesystem for traces of a file that I wanted
to recover. The search revealed dozens of copies of the file in various
stages of development, apparently left behind by Vim.
* But in this case the log file of my keylogger exists in only one place
so shredding it was actually sufficient.
It appears that Vim does a rename, write and then delete while saving
the file, but I have not verified this yet.
Other programs like aescrypt and/or gzip may leave behind a copy of the
There are many programs that might do this.
So to really be safe is to run sfill like every week or so.
However on SSDs, "discard" may already make unused space unavailable.
More information about the ubuntu-users