Submit Hint Search The Forums LinksStatsPollsHeadlinesRSS
14,000 hints and counting!

10.3: Secure empty trash from the Terminal UNIX
So everyone knows that you can now use the "Securely empty trash" feature. What if you want to remove a file but not use the Trash? The new feature in Panther is the command /usr/bin/srm. There are two other options that Secure empty trash doesn't use:
-m, --medium
   overwrite the file with 7 US DoD compliant passes  (0xF6,  0x00,
   0xFF, random, 0x00, 0xFF, random)

-z, --zero
   after overwriting, zero blocks used by file
So, srm -mz [filename] will do a DoD compliant erase and zero the data.
    •    
  • Currently 1.71 / 5
  You rated: 1 / 5 (7 votes cast)
 
[24,520 views]  

10.3: Secure empty trash from the Terminal | 18 comments | Create New Account
Click here to return to the '10.3: Secure empty trash from the Terminal' hint
The following comments are owned by whoever posted them. This site is not responsible for what they say.
10.3: Secure empty trash from the Terminal
Authored by: deleted_user18 on Oct 29, '03 12:16:09PM

But how can I securely delete the trash from the findet? I have not yet found this option!



[ Reply to This | # ]
10.3: Secure empty trash from the Terminal
Authored by: fortrandragon on Oct 29, '03 12:42:01PM

Bring the Finder to the front and then select Secure Empty Trash from the Finder menu (the menu next to the Apple icon).

I had to look for it as well. I was surprised Apple didn't add that option to the Trash's contextual menu.



[ Reply to This | # ]
10.3: Secure empty trash from the Terminal
Authored by: deleted_user18 on Oct 29, '03 02:55:21PM

Oh, dear it is so obvious. Thanks!



[ Reply to This | # ]
Don't feel bad
Authored by: jriskin on Oct 29, '03 06:34:41PM

I missed it too, I did the same thing you did. I went to the Trash can and looked in the contextual menu.



[ Reply to This | # ]
10.3: Secure empty trash from the Finder
Authored by: winddog on Nov 01, '03 11:52:07AM

Good job. What happens if you empty the trash for several days in the normal fashion and then use the secure empty trash-does it secure the previous files that have been emptied from the trash?



[ Reply to This | # ]
10.3: Secure empty trash from the Terminal
Authored by: gunslngr on Oct 29, '03 06:46:11PM

So how can I add the srm command to the Trash Contextual Menu?



[ Reply to This | # ]
10.3: Secure empty trash from the Terminal
Authored by: jecwobble on Oct 30, '03 11:50:12AM
10.3: Secure empty trash from the Terminal
Authored by: gunslngr on Oct 30, '03 02:10:28PM

looks cool. I'll take a look.

Thanks.



[ Reply to This | # ]
10.3: Secure empty trash from the Terminal
Authored by: xbpr on Nov 04, '03 07:07:44PM

I tried to add this to the dock menu by editing the DockMenus.plist file. Using property list editor, I can see that the command number to "empty trash" is 1001. How can I figure out what the command number is for secure empty?



[ Reply to This | # ]
/bin/rm -P
Authored by: extra88 on Oct 29, '03 06:44:02PM

OS X 10.2 (and probably earlier) already had /bin/rm -P which may not be "DoD compliant" but is probably sufficient and faster.

From man rm:

-P Overwrite regular files before deleting them. Files are
overwritten three times, first with the byte pattern 0xff,
then 0x00, and then 0xff again, before they are deleted.



[ Reply to This | # ]
/bin/rm -P
Authored by: FlashBIOS on Oct 29, '03 10:17:59PM

That doesn't do resource forks, and there is some debate on if it ever worked like it should.



[ Reply to This | # ]
Is it overkill?
Authored by: sjmills on Oct 29, '03 10:36:33PM

Why write over the file 7 (or 8) times? Isn't once enough?



[ Reply to This | # ]
Is it overkill?
Authored by: repetty on Oct 29, '03 11:04:43PM

No, more than once is not overkill. Super-duper computer forensics labs can "see through" single writes without too much problem. You've got to do it several times to really give these guys a real problem.

I just as intrigued, though, by the fact that it's really easy to read letters without opening envelopes, even correspondence which has be folder over serveral times and placed in a "secure" envelope.

No, my friend, you've got to overwrite many times to approach secure, and even then there are no guarrantees against the most motivited government agencies.

--Richard



[ Reply to This | # ]
Is it overkill?
Authored by: zacht on Oct 30, '03 01:08:46PM

I once saw a post on Usenet claiming that all the data of the entire federal government is kept on a single 20 MB hard disk. They keep overwriting the data, but the FBI/CIA/NSA can read down through the "layers", so no problem...

A silly joke, of course...

Seriously, reading overwritten data is possible because each little section of disk that's supposed to be a 0 or 1 actually has many magnetic grains in it. Writing a 0 or 1 will flip most, but never all, of the grains. FBI & co. can look at something that seems to be, say, all 0's, and detect residual 1's at certain spots---grains that didn't make the switch to 0's---, and from that, recover a lot of the original data.

I think this can be done with certain types of microscopes---atomic force microscope (AFM) maybe? I forget---if you happen to have one lying around... :-)

Anyway, if you overwrite seven times, it's supposed to be unlikely that any individual grain would stay unchanged seven times in a row.



[ Reply to This | # ]
10.3: Secure empty trash from the Terminal
Authored by: vancenase on Oct 29, '03 11:37:17PM

how can you securely delete an entire folder?



[ Reply to This | # ]
10.3: Secure empty trash from the Terminal
Authored by: Tom Robinson on Oct 30, '03 03:16:24AM

If you check the man page for srm you'll see a '-R' option for a recursive delete (i.e. delete a directory and its contents).



[ Reply to This | # ]
Not really Secure!
Authored by: raider on Oct 30, '03 04:48:45PM

It was brought to light that Panther has a new feature that automatically de-frags your drive while you use it.

If you access a file of 20MB or smaller, and it is fragmented - Panther moves it to a spot on the disk where it is no longer fragmented, but only simply marks the OLD bits free for use - it doesn't overwrite them.

So even if you use Secure Empty Trash, it will only overwrite the current file, but not the places on the disk that it might have existed before.

So you *might* get a secure delete and you *might not*.

If you are concerned enough about it to use it in the first place, this would negate any real value it held for you...



[ Reply to This | # ]
10.3: Secure empty trash from the Terminal
Authored by: Crawdad on Dec 27, '03 10:15:55AM
You can learn a great deal about the difficulties of securely erasing disk files (and memory) from Peter Gutmann's USENIX paper of 1996. It also explodes the claims of certain commercial products.

[ Reply to This | # ]