From 4d22d0e776e95e62b7629be713ef4c4b775f73df Mon Sep 17 00:00:00 2001 From: Ted Unangst Date: Tue, 4 Sep 2012 22:22:51 +0000 Subject: one random overwrite is sufficient, after some discussion on tech --- bin/rm/rm.1 | 19 +++++++------------ bin/rm/rm.c | 18 +++++++----------- 2 files changed, 14 insertions(+), 23 deletions(-) (limited to 'bin') diff --git a/bin/rm/rm.1 b/bin/rm/rm.1 index 33f8db44bc2..4cedbf7d6d8 100644 --- a/bin/rm/rm.1 +++ b/bin/rm/rm.1 @@ -1,4 +1,4 @@ -.\" $OpenBSD: rm.1,v 1.34 2010/10/04 07:17:30 jmc Exp $ +.\" $OpenBSD: rm.1,v 1.35 2012/09/04 22:22:50 tedu Exp $ .\" $NetBSD: rm.1,v 1.8 1995/07/25 19:37:30 jtc Exp $ .\" .\" Copyright (c) 1990, 1993, 1994 @@ -33,7 +33,7 @@ .\" .\" @(#)rm.1 8.5 (Berkeley) 12/5/94 .\" -.Dd $Mdocdate: October 4 2010 $ +.Dd $Mdocdate: September 4 2012 $ .Dt RM 1 .Os .Sh NAME @@ -77,13 +77,7 @@ option overrides any previous options. .It Fl P Overwrite regular files before deleting them. -Files are overwritten three times, first with the byte pattern -.Li 0xff , -then -.Li 0x00 , -and then -.Li 0xff -again, before they are deleted. +Files are overwritten once with a random pattern. Files with multiple links will be unlinked but not overwritten. .It Fl R Attempt to remove the file hierarchy rooted in each file argument. @@ -197,8 +191,9 @@ command appeared in .Sh BUGS The .Fl P -option assumes that the underlying file system is a fixed-block file -system, -such as UFS. +option assumes that both the underlying file system and storage medium write +in place. +This is true for the FFS and MSDOS file systems and magnetic hard disks, +but not true for most flash storage. In addition, only regular files are overwritten, other types of files are not. diff --git a/bin/rm/rm.c b/bin/rm/rm.c index 436b70068a1..41b574edca1 100644 --- a/bin/rm/rm.c +++ b/bin/rm/rm.c @@ -1,4 +1,4 @@ -/* $OpenBSD: rm.c,v 1.25 2012/06/18 01:03:05 guenther Exp $ */ +/* $OpenBSD: rm.c,v 1.26 2012/09/04 22:22:50 tedu Exp $ */ /* $NetBSD: rm.c,v 1.19 1995/09/07 06:48:50 jtc Exp $ */ /*- @@ -55,7 +55,7 @@ int check(char *, char *, struct stat *); void checkdot(char **); void rm_file(char **); int rm_overwrite(char *, struct stat *); -int pass(int, int, off_t, char *, size_t); +int pass(int, off_t, char *, size_t); void rm_tree(char **); void usage(void); @@ -261,7 +261,7 @@ rm_file(char **argv) /* * rm_overwrite -- - * Overwrite the file 3 times with varying bit patterns. + * Overwrite the file with varying bit patterns. * * XXX * This is a cheap way to *really* delete files. Note that only regular @@ -308,13 +308,9 @@ rm_overwrite(char *file, struct stat *sbp) if ((buf = malloc(bsize)) == NULL) err(1, "%s: malloc", file); - if (!pass(0xff, fd, sbp->st_size, buf, bsize) || fsync(fd) || - lseek(fd, (off_t)0, SEEK_SET)) + if (!pass(fd, sbp->st_size, buf, bsize)) goto err; - if (!pass(0x00, fd, sbp->st_size, buf, bsize) || fsync(fd) || - lseek(fd, (off_t)0, SEEK_SET)) - goto err; - if (!pass(0xff, fd, sbp->st_size, buf, bsize) || fsync(fd)) + if (fsync(fd)) goto err; close(fd); free(buf); @@ -329,11 +325,11 @@ err: } int -pass(int val, int fd, off_t len, char *buf, size_t bsize) +pass(int fd, off_t len, char *buf, size_t bsize) { size_t wlen; - memset(buf, val, bsize); + arc4random_buf(buf, bsize); for (; len > 0; len -= wlen) { wlen = len < bsize ? len : bsize; if (write(fd, buf, wlen) != wlen) -- cgit v1.2.3