Securly deleting files in a journaled file system

Ben Weatherall bweatherall at pdxinc.com
Tue Mar 7 08:01:14 MST 2006 

On 3/6/06, Edward Norton <r00t3d at gmail.com> wrote:
>
> On 3/6/06, Edward Norton <r00t3d at gmail.com> wrote:
> >
> > On 3/6/06, Ben Weatherall <bweatherall at pdxinc.com> wrote:
>> 
> > > I have been lurking on the list since I left the Phoenix area for
Texas
> > > earlier this year. I now need answers from those I know and trust.
Help!
> > >
> > In the past, I have used both wipe and shred to remove files from a
disk
> > >
> > > so they cannot be recovered. I am now having to do this under both
Linux
> > > (SuSE SLES-9) and AIX (v5.2) where both use a journaled file
system. All
> > > of the documentation says these tools will fail under these
conditions.
> > > The final solution needs to handle ext3, Reiser and JFS.
> > >
> > > Does anyone have any suggestions?
> > > -Ben Weatherall
> >
> >
> > dban (dban.sf.net) is probably by far the best. However, of the
> > filesystems you listed, it only covers two: ext2/3, and reiserfs.
JFS is not
> > supported AFAIK. UFS, however, is.
> 
> Ok, nevermind, I think I misread your email.  shred should work just
fine.
> Just try something like `shred -n100 -z`.

I looked up shred again, just to make sure I wasn't mistaken. From
http://www.gnu.org/software/fileutils/doc/manual/html/fileutils.html#shr
ed%20invocation it states, "Please note that shred relies on a very
important assumption: that the filesystem overwrites data in place. This
is the traditional way to do things, but many modern filesystem designs
do not satisfy this assumption. Exceptions include:
    * Log-structured or journaled filesystems, such as those supplied
with AIX and Solaris.
    * Filesystems that write redundant data and carry on even if some
writes fail, such as RAID-based filesystems.
    * Filesystems that make snapshots, such as Network Appliance's NFS
server.
    * Filesystems that cache in temporary locations, such as NFS version
3 clients.
    * Compressed filesystems. 

Since ext3, Reiser, JFS, etc. are all journaled filesystems, shred will
only work at the partition level. For ext3 I could convert it to ext2,
shred the file(s), and then convert it back to ext3, but that is not
really a good idea on production systems.

I also looked at dban (thanks for pointing it out), but it only wipes
disks. I just need to wipe specific files. I did find dban's notes about
the "Gutmann method" (http://dban.sourceforge.net/faq/index.html) used
by both shred and wipe interesting.

Any other ideas?
-Ben Weatherall

More information about the PLUG-discuss mailing list