[Gllug] Wiping free space.

Richard Jones rich at annexia.org
Mon Dec 28 17:25:57 UTC 2009 

On Mon, Dec 28, 2009 at 04:27:00PM +0000, general_email at technicalbloke.com wrote:
> I was wondering how one would go about overwriting empty space on a
> standard ext3 partition. The quickest naive solution would seem to be to
> pipe the output of /dev/random to a file until all the disk space is
> used then delete it but...

There are two programs you should probably look at: scrub and
zerofree.  Scrub simply automates the process you described of
creating a large random file and deleteing it.

> a) I've heard bad things may happen if the system disk get completely
> full on unix systems, and...

If the system is quiet, then the bad stuff that could happen is
unlikely.  You might lose a few log file entries.  Don't try it on
your busy production webserver though.

> b) AFAIK, files are block aligned so files which don't divide perfectly
> into the block size may have space at the very end of that the OS
> doesn't regard as free.

The filesystem writes whole blocks, and if a file doesn't fill a whole
block then the fs will write zeroes to the end of the block.

> Are the above conerns legitimate or just here-say? If the former are
> there any apps I would find in the big 3 repos that overwrite unused
> space while mitigating the above?

zerofree overwrites unused ext2/3 blocks by knowing something about
the ext2/3 format itself.  IIRC you have to unmount the filesystem
before using it which makes it much less convenient to use than scrub.

The above is a bit more complicated if the underlying device is an SSD
(not a hard drive) because there the OS doesn't really have full
control of the true use and placement of blocks.  There is no good way
o solve this at the filesystem or OS level - you'd have to issue some
sort of "secure wipe" command to the IDE interface directly, and
there's no guarantee that it would do anything useful or that you
could find out what it was really doing at all.

Hard drives can also remap sectors below the OS level but at least you
can find out if they did that by issuing SMART commands ("smartctl").

Rich.

-- 
Richard Jones
Red Hat
-- 
Gllug mailing list  -  Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug

More information about the GLLUG mailing list