 | This article needs additional citations for verification .(August 2010) |
 srm securely erasing a text file. | |
| Repository | |
|---|---|
| Website | srm |
srm (or Secure Remove) is a command line utility for Unix-like computer systems for secure file deletion. srm removes each specified file by overwriting, renaming, and truncating it before unlinking. This prevents other people from undeleting or recovering any information about the file from the command line.
Attempting to secure delete a file with multiple hard links results in a warning from srm stating that the current access path has been unlinked, but the data itself was not overwritten or truncated. This is an undocumented feature of srm 1.2.8 on Mac OS X 10.9, [1] and is erroneously documented in 1.2.11 as a behaviour activated by the OpenBSD rm-compatible option -P. [2] However, in both the OS X and SourceForge srm implementations, the behaviour of unlinking but not overwriting multi-linked files is always active, as long as the platform reports hard links. [3] [4]
srm 1.2.8 on Mac OS X 10.9 [5] has a -n option, which means "overwrite file, but do not rename or unlink it." [1] However, if the file has multiple links, the multiple-link file data protection feature activates first, removing the file, even though the -n option specifies "do not rename or unlink the file". [3] The -n option has been removed from the code and manual of srm version 1.2.11, the latest SourceForge.net version. As a consequence, this option/feature conflict does not occur. [2] [6]
A number of file systems support file forks (called resource forks and named forks on OS X (particularly HFS+), and alternate data streams on NTFS), or extended attributes. However, OS X is the only platform on which srm securely deletes any of this additional data in files. [7] On OS X, only the most common non-data fork, the resource fork, is handled in this way. [3] This support was included in Apple’s srm 1.2.8 [5] [8] and SourceForge's srm 1.2.9. [9]
srm was removed from OS X/macOS in v10.11 El Capitan, as part of the removal of the "Secure Empty Trash" feature for security reasons. [10]
In srm 1.2.11, released on 25 November 2010, [11] the OpenBSD rm-compatible option, -P, is documented have an overwriting pattern matching OpenBSD's rm. [2] Additional functionality which protects multi-linked files is documented under the OpenBSD-compatible option, but is actually always active. [2] [3] [4]
When securely deleting files recursively, srm 1.2.11 is unable to determine device boundaries on Windows. Therefore, the -x option, which restricts srm to one file system, is not supported. [2]
Darwin is an open-source Unix-like operating system first released by Apple Inc. in 2000. It is composed of code derived from NeXTSTEP, BSD, Mach, and other free software projects' code, as well as code developed by Apple.
PF is a BSD licensed stateful packet filter, a central piece of software for firewalling. It is comparable to netfilter (iptables), ipfw, and ipfilter.
dd is a command-line utility for Unix, Unix-like operating systems and beyond, the primary purpose of which is to convert and copy files.
A chroot on Unix operating systems is an operation that changes the apparent root directory for the current running process and its children. A program that is run in such a modified environment cannot name files outside the designated directory tree. The term "chroot" may refer to the chroot(2) system call or the chroot(8) wrapper program. The modified environment is called a chroot jail.
In computing, mmap(2) is a POSIX-compliant Unix system call that maps files or devices into memory. It is a method of memory-mapped file I/O. It implements demand paging because file contents are not read from disk directly and initially do not use physical RAM at all. The actual reads from disk are performed in a "lazy" manner, after a specific location is accessed. After the memory is no longer needed, it is important to munmap(2) the pointers to it. Protection information can be managed using mprotect(2), and special treatment can be enforced using madvise(2).
In computing, cp is a command in various Unix and Unix-like operating systems for copying files and directories. The command has three principal modes of operation, expressed by the types of arguments presented to the program for copying a file to another file, one or more files to a directory, or for copying entire directories to another directory.
Netatalk is a free, open-source implementation of the Apple Filing Protocol. It allows Unix-like operating systems to serve as file server for Macintosh computers. Historically Netatalk implemented the AppleTalk protocol suite, allowing Unix-like operating systems to serve also as print and time servers for Apple Macintosh computers.
mv is a Unix command that moves one or more files or directories from one place to another. If both filenames are on the same filesystem, this results in a simple file rename; otherwise the file content is copied to the new location and the old file is removed. Using mv requires the user to have write permission for the directories the file will move between. This is because mv changes the content of both directories involved in the move. When using the mv command on files located on the same filesystem, the file's timestamp is not updated.
File locking is a mechanism that restricts access to a computer file, or to a region of a file, by allowing only one user or process to modify or delete it at a specific time and to prevent reading of the file while it's being modified or deleted.
rm is a basic command on Unix and Unix-like operating systems used to remove objects such as computer files, directories and symbolic links from file systems and also special files such as device nodes, pipes and sockets, similar to the del command in MS-DOS, OS/2, and Microsoft Windows. The command is also available in the EFI shell.
Extended file attributes are file system features that enable users to associate computer files with metadata not interpreted by the filesystem, whereas regular attributes have a purpose strictly defined by the filesystem. Unlike forks, which can usually be as large as the maximum file size, extended attributes are usually limited in size to a value significantly smaller than the maximum file size. Typical uses include storing the author of a document, the character encoding of a plain-text document, or a checksum, cryptographic hash or digital certificate, and discretionary access control information.
In Unix-like operating systems, unlink is a system call and a command line utility to delete files. The program directly interfaces the system call, which removes the file name and directories like rm and rmdir. If the file name was the last hard link to the file, the file itself is deleted as soon as no program has it open.
In Unix-like operating systems, a device file or special file is an interface to a device driver that appears in a file system as if it were an ordinary file. There are also special files in DOS, OS/2, and Windows. These special files allow an application program to interact with a device by using its device driver via standard input/output system calls. Using standard system calls simplifies many programming tasks, and leads to consistent user-space I/O mechanisms regardless of device features and functions.
The Berkeley Software Distribution or Berkeley Standard Distribution (BSD) is a discontinued operating system based on Research Unix, developed and distributed by the Computer Systems Research Group (CSRG) at the University of California, Berkeley. The term "BSD" commonly refers to its descendants, including FreeBSD, OpenBSD, NetBSD, and DragonFly BSD.
OpenBSD is a security-focused, free and open-source, Unix-like operating system based on the Berkeley Software Distribution (BSD). Theo de Raadt created OpenBSD in 1995 by forking NetBSD. According to the website, the OpenBSD project emphasizes "portability, standardization, correctness, proactive security and integrated cryptography."
NetBSD is a free and open-source Unix-like operating system based on the Berkeley Software Distribution (BSD). It was the first open-source BSD descendant officially released after 386BSD was forked. It continues to be actively developed and is available for many platforms, including servers, desktops, handheld devices, and embedded systems.
LibreSSL is an open-source implementation of the Transport Layer Security (TLS) protocol. The implementation is named after Secure Sockets Layer (SSL), the deprecated predecessor of TLS, for which support was removed in release 2.3.0. The OpenBSD project forked LibreSSL from OpenSSL 1.0.1g in April 2014 as a response to the Heartbleed security vulnerability, with the goals of modernizing the codebase, improving security, and applying development best practices.
The History of the Berkeley Software Distribution begins in the 1970s.
{{cite web}}: CS1 maint: location (link){{cite web}}: CS1 maint: location (link)