doug at mail.sermon-archive.info
Mon Jul 10 05:54:38 UTC 2017
> On 9 July 2017, at 22:41, Matthias Apitz <guru at unixarea.de> wrote:
> El día domingo, julio 09, 2017 a las 10:33:40p. m. -0700, Doug Hardie escribió:
>>> I do not think that this approach worked in the sense of overwriting all
>>> blocks of the disk. While walking through at some point the kernel will
>>> miss sectors of the disk, for example of memory mapped files of shared
>>> libs of other running processes or swapped out memory to disk. And the kernel
>>> will just crash or halt and you will notice that as terminating ssh session.
>>> Do not rely on the fact that the (sensitive) information on the disk was
>>> overwritten. The only secure way is doing this from a system running on
>>> some other disk and even this would allow to recover information with
>>> forensic tools reading beside of the tracks. Only physical destruction
>>> will help, for example burning the thing, as you said.
>> The swap space was on this drive so it should be overwritten also. Physical memory will go when the power goes off. It would be nice to be able to get the drive back and see just how much was overwritten, but that is not possible. I don't see why dd would not run to completion. The first test I ran it reported that it had cleared over 300 GB on a 500 GB drive. I may see if I can setup another system here and try that where I can monitor and test the result.
> Doug, you missed my point. Your dd proc will overwrite at some point the
> swaped-out pages and/or text segments which have been memory mapped by
> the kernel. The kernel will miss them and crash and so you have only
> overwritten a (maybe small) part of the disk.
The swap partition is the last partition on the drive. So if dd/system failed while writing that, then my goal would be complete. There was nothing running on the system accessing any sensitive data. The only areas of concern was the main partition. As for the kernel itself going down, I would expect that would not be able to hazard a reliable guess. It could happen, but I would expect if that were the case to not be able to get to the 60% point.
More information about the freebsd-questions