On Fri, Sep 24, 2021 at 12:30:48PM +0000, Evan Greenup wrote:
> +1 Here,
>
> If shred can support shredding directory tree recursively, it would be
> awesome.

It can't, because that's not how shred works.

Recursively shredding files within a larger filesystem does NOT
guarantee that the old file is wiped out, because modern file systems
tend to write the new file to a different part of the block storage
while leaving the old storage unchanged other than marked as unused;
with the right software, it's fairly trivial to read the contents of
those areas of the disk.

On an even more fundamental level, SSD disks tend to use wear-leveling
technology, where the hardware itself will dynamically reroute writes
to the same logical address to different portions of the storage over
time, again leading to hardware still containing old data that was not
overwritten.

If you are not shredding an entire disk, chances are you are not
actually shredding the old data from the storage.

Adding a recursive option to shred to visit a series of files (rather
than an entire block device) would give users a false sense of
security, so we are unlikely to do it.

>
> Sent with ProtonMail Secure Email.
>
> ‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
>
> On Friday, September 24th, 2021 at 9:06 PM, jedenfalco via GNU coreutils
> General Discussion <coreutils@gnu.org> wrote:
>
> > I have a laptop and want to securely wipe the hard drive. It would be good
> > to be able to wipe out a directory tree (e.g. /home) but it seems that dd
> > can only wipe an entire drive.
> >
> > This means that I have to remove the hard drive and connect it externally
> > to another PC to wipe it.

No need to unplug the hard drive, when you could instead boot your
computer from a live USB stick with a minimal operating system that
contains enough software to perform the shredding of your unmounted
hard drive.  You may have to tweak BIOS/UEFI settings to be able to
boot from live media instead of from the hard drive, but that's still
easier than moving the hard drive to a different PC.

-- 
Eric Blake, Principal Software Engineer
Red Hat, Inc.           +1-919-301-3266
Virtualization:  qemu.org | libvirt.org
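
The two mechanisms described in the reply above (filesystems that write new data to fresh blocks, and flash devices that remap writes) can be checked for before relying on a per-file overwrite. The script below is an added example, not part of the original message or of coreutils; the function names, verdict labels and the list of copy-on-write or log-structured filesystems are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example, not from the original message. Function names and the
# filesystem list are assumptions made for illustration.

# classify_overwrite FSTYPE ROTA
#   FSTYPE  filesystem type as findmnt reports it (ext4, btrfs, ...)
#   ROTA    lsblk's ROTA column: 1 = rotational disk, 0 = SSD/flash
# Prints one verdict:
#   cow             filesystem writes new data to fresh blocks by design
#   flash           device may remap writes (wear leveling)
#   inplace-likely  neither of the above detected; journals, snapshots or
#                   RAID can still hold old copies
#   unknown         device type could not be determined
classify_overwrite() {
    case "$1" in
        btrfs|zfs|bcachefs|nilfs2|f2fs)
            echo cow
            return 0
            ;;
    esac
    case "$2" in
        0) echo flash ;;
        1) echo inplace-likely ;;
        *) echo unknown ;;
    esac
}

# probe PATH: look up filesystem type and backing device for PATH with
# util-linux (findmnt, lsblk), then classify.
probe() {
    fstype=$(findmnt -n -o FSTYPE --target "$1") || return 1
    dev=$(findmnt -n -o SOURCE --target "$1") || return 1
    # ROTA lookup fails for non-device sources (e.g. ZFS datasets); the
    # empty value then maps to "unknown" unless the filesystem is CoW.
    rota=$(lsblk -d -n -o ROTA "$dev" 2>/dev/null | tr -d '[:space:]')
    printf '%s: fstype=%s device=%s verdict=%s\n' \
        "$1" "$fstype" "$dev" "$(classify_overwrite "$fstype" "$rota")"
}

# Run only when a path is given, e.g.:  sh check.sh /home
if [ "$#" -gt 0 ]; then
    probe "$1"
fi
```

A verdict of `inplace-likely` only means neither mechanism was detected; it does not show that old blocks are gone, which is why the reply recommends wiping the whole unmounted device.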