Slashdot Mirror
Shootout: 'rm -Rf /' vs. 'Format C:'
skyshock21 writes "There's an article over at hohle.net about what actually happens when you type the commands Format C: in windows versus rm -Rf / in Linux. Very interesting results indeed. Myths are busted, and hilarity ensues."
openbsd has rm -P which will overwrite the bytes of the 3 times
http://www.dealsites.net/wrap.php?file=hohle_post. htm
rm -Rf / removes all the files mounted on the file system. format c:\ rewrites a new file allocation table.
The issue of Linux not running as cleanly after all the files are whiped out vs. Windows still able to run isn't much a means of stability. Remember in Linux/Unix systems, Everything is a file. While in windows it is some hodgepodge framework where some are files and other are not. So naturally if you wipe out all the files on a Linux/Unix system problem will happen. While windows which puts a lot of its features in memory and stayes there so it can still operate even after you logout. In some ways having X windows crash after you try to leave is a good thing because you know that something is wrong sooner. vs. Windows just acting like nothing happend.
If something is so important that you feel the need to post it on the internet... It probably isn't that important.
format c:
/" in Linux. Besides noting how effectively I could trash the system, I wanted to see how the operating system responded, and what it took to be able to destroy the system. I know that "format c:" and "rm -Rf /" aren't equivalent, but they usually are interchangeable punchlines to jokes, which is why they were chosen.
/FS:NTFS" command, in Linux "rm -Rf *".
/F /S /Q *". Linux was a no brainer. All I had to do was escalate my permissions with sudo, "sudo rm -Rf *" to be exact.
There's a nerdy idea floating around that you can tell an uninformed Windows user to type "format c:" in the Run dialog to solve their problems. This is perpetuated in office jokes and comics among other places, but how many people have actually tried to destroy their using "format c:".
I made a goal for myself to find out what would happen if I ran "format c:" on a freshly installed Windows system and decided to compare it to the equally notorious "rm -Rf
Read more for the destruction of two perfectly good operating system installations.
My target OSes were Windows XP Pro and Ubuntu Linux, both with all the latest and greatest updates. The installs were both fresh and no additional security settings had been set. Ubuntu asked me for a password during installation, Windows did not, which we will see makes a difference later down the line.
First I established a baseline for my environment: a virtual shell parked at the root of the file system (C:\ for Windows, / for Linux).
Windows Linux
Larger Image Larger Image
Well, that was simple enough. Getting to each file system's root was a nearly identical process. Now is where things will change, however. In Windows, I am going to attempt to format the drive, a low level operation which usually occurs on drives not being used and in Linux I am going to attempt to remove all of the files from the filesystem. Both should give me an empty file tree when I'm done, but come at it from different angles. In Windows, I use the "format c:
Windows Linux
Larger Image Larger Image
Thankfully, and as I expected, neither of these commands wiped out my filesystem. To my shock, Windows looked as if it was going to comply with my wishes. It asked me if I would like to proceed and I confirmed that indeed I would. Ah, but as I expected, the drive was mounted and could not be formatted until it was unmounted; so I told it to try to forcefully unmount the drive. Finally it told me that it could not gain sole access to the drive and would not continue. So, straight away "format c:" will not erase your hard drive! Now how did Linux fare? Also, as I expected, almost nothing was deleted by my "rm -Rf *". My personal home directory (~/jonathanhohle) might have been erased, I didn't think to check it before I moved on. All in all, however, both systems were still up, stable, and in need of more abuse!
Windows Linux
Larger Image Larger Image
Larger Image
Larger Image
My goal was to mass erase these disks from the command line and so far I hadn't had much luck. With Windows I knew I was going to have to take a different approach, with Linux, I knew exactly what I had to do to kill this system.
I decided to attack Windows from the same attack point as I was hitting Linux. Instead of trying to do a low level erasure of my files I was just going to recursively delete them. So after a little mucking around at the command prompt, I came up with "del
Windows Linux
Larger Image Larger Image
Well, that did the trick on both systems with one caveat. As the first Linux screenshot under this paragraph shows, Linux would not continue with the command until the root password was entered. Windows, on the other hand had no problems going to town unlinking files after the [Enter] key was struck.
Windows Linux
Larger Image Larger Image
Afte
I run Ubuntu Linux myself. Setting the "root" password to the first user's password is default behavior. Technically, there is no root in a default Ubuntu install, you must create it/turn it on.
/. I don't have to ask ;)
I believe that Solaris no longer has a root user either (for security), and that you must sudo everything. Someone feel free to correct me (well this is
"And then I visited Wikipedia
Comment removed based on user account deletion
I like to use "shred /dev/hda". That takes time but it is worth it if you know you will never use that hard drive again, such as when you leave a company. If you are in a pinch, you can first do a "cat /dev/zero > /dev/hda". You can also use "dd" or "sdd". If you want to erase a magnetic medium, zero out the media first and then use "shred".
I'm pretty sure they removed deltree from winXP.
This post written under Gentoo-linux with an SCO IP license.
I think the original poster is talking about a script that failed to escape the filenames or failed to use, what I call, "end of command line options" (or "what is after this is a non-option") command line option (two dashes) before passing the filenames straight to that command. If a file name or folder name is "-r" (at least in SuSE Linux 9.0 with bash 2.05b), and you do rm -f * without using "--" before the asterisks or without properly escaping the filename list, rm indeed does process it as if you wanted it to wipe all directories recursively.
It seems that the author misunderstands an important part of the Unix philosophy:
That's far from true. Linux locks the executable file, i.e. if you attempt to open it for writing, you get an error. You can, however, remove the directory entry, in which case the file is retained as long as the program is still running.
Under Linux, a file can have zero, one, or more directory entries (a.k.a. hard links). It's not possible to remove files, only directory entries can be removed. The kernel removes the file automatically once two conditions are fulfilled:
In fact, under Linux the /proc filesystem allows it to get the contents of an open file back even if it has no directory entries outside of /proc.
Solaris still has root but since Solaris 8 or 9 they have RBAC, which is a bit like sudo. Role-Based-Access-Control. You assume a roll which gives you extra priviliges.
In Trusted Solaris they also have root but since this is a high grade security OS, root is not god. You have labels (top-secret, restricted etc... iirc). So you might have root-access on a low level label and not being able to do anything.
laughing is crying
war is peace
compasionate conservative
election results
what results?
Just tried it on my Mac OS X box and the -r was not deleted but everything else was including directories.
It all depends on whether the file "-r" is first the collating sequence. When I added a file called "+r", the -r was treated as a regular file rather than a switch.
All I want is a secure system where it's easy to do anything I want. Is that too much to ask ~~ Randall Munroe
Anyone know why this is (is NTFS slow, or is it the del command as the author guessed, or is there some other reason for this).
Actually, a big chunk of this is screen I/O. The fix? Instead of using del (which likes to print out the names of all files it deletes), use rmdir /s /q. It goes much much faster (and yes, this is speaking from experience, though good experience, for a change).
GPL made simple: What was my stuff is now our stuff. If you improve our stuff, please keep it our stuff.
Site was /.-ed (well, what a surprise). Please, use MirrorDot. This particular story (with full images) can be found under this link.
Anyway, the comparison is good. But how about comparing mkfs with format c:?
I believe he is wrong. Firstly, everyone knows how dogg slow EXT3 is at just about everything.
There is an easy fix for this -- just don't have massive amounts of text scrolling through a windowed command prompt; minimize the window, pipe the text to a file, or even make the command prompt full screen. Any of the above tricks will dramatically speed things up, as the CPU is no longer spending large amounts of its time writing text to the screen.
If anyone out there is feeling adventurous (or insane), go ahead and try to replicate Jonathan's test -- only don't leave the command prompt in windowed mode. Minimize it or redirect the text. I'd bet you my ex-girlfriend's right arm that NTFS is suddenly as fast as, if not faster than, EXT3.
/dev/random
If vi still lives you can also use that as ls (used it that way on dodgy disk mirror that corrupted both disks).
Interesting, damn it - where are my mod points when I need them.
I could have done with tip that a few weeks ago. The UK TiVo has a serial port on the back which allows you to get a bash shell, unfortunately there is no 'ls' on the damn thing, so I ended up using 'file ' to get a directory listing.
Just for info, echo */ will list only the directories.
Save Shell Programming, Lesson 1!
Use the -- argument to indicate that all following parameters are filenames, and are not to be parsed as options:
rm -f -- *
He was already in Gnome
Understanding is a three-edged sword. -- Kosh Naranek
simply typing:
/autotest
format c:
achieves the same result. It was undocumented.
You want your data really gone... Follow these rules... The DOD rules for HDD disposal. 1. Triple Overwrite security erase. 2. De-gauze with a powerful electro magnet. 3. Crush drives with a cement roller. 4. Melt fragments into slag. 5. Bury Slag in a secure waist disposal site under a minimum of 6' of cement.
Get your torrents...
You can also speed it up by minimizing the window so that the screen isn't being updated.
A very unbalanced comparison:
/dev/sda0
Format c: is more analogous to mkfs
rm -Rf / is more like deltree c:
and IIRC the Windows del command waits 5 seconds on each busy file before giving up the delete, making NTFS deletes on busy files seem very slow.
Let's at least do our meaningless comparisions correctly!
Maybe the ones where the GOP have definitely and indisputably increased their majorities in both houses of Congress?
The president wasn't the only guy up for election yesterday, ya know.
When you throw something in the garbage, it's still yours. It's not free for the taking.
Not in the USA. Trash is considered 'abandonded property' and is up for grabs.
Mod down people who tell people how to mod in their sigs
To verify this, try the following as root. Don't worry, this is safe.
# dd if=/dev/zero of=dump bs=512 count=1000
# mke2fs dump
# mkdir dumpdir
# mount -o loop dump dumpdir
# mke2fs dump
And you shall get this:
mke2fs 1.35 (28-Feb-2004)
dump is not a block special device.
Proceed anyway? (y,n) y
dump is mounted; will not make a filesystem here!
However, if you issue a
# mkswap dump
You'll be happily notified:
Setting up swapspace version 1, size = 507 kB
Done. ;)
People who dislike China tend to mention Tiananmen Square a lot, but they always forget the Tank Man is also a Chinese.
Did you try to use the Windows CD as the dialog popped up asking for it?
Also, did you try a "restore" from the bootable Windows CD?
This usenet article on how a partially deleted filesystem was restored with some ingenuity makes an interesting read.
You were lucky. I worked in a Top Secret facility and we were required to disassemble the drives, and remove each platter. Then using a belt sander, we had to scrub them down to bare metal. These metal pieces were then taken to an incinerator that would mostly melt what was left.
The cool part was being able to recycle the magnesium casings on those giant-sized drives (about a foot wide, 8 inches tall, and about 2 feet long). I made a few hundred dollars on that!
I don't know what the big deal was, though. Our facility only handled... oh wait, someone's at the door...
Right, I just tried it on ext3 and reiserfs. Neither even blinked.
:(){ :|:&};: :)
However, the person who posted
was onto something. That killed the machine I typed it at
Platters aren't metal.
Slashdot gets worse every day... Pipedot: News for nerds, without the corporate slant
These were, or they appeared to be.
In any case, the magnetic material was a certain color - kind of a golden brown, and the substance below was something else. We had to sand off any of the golden brown stuff so that only the underlying substance remained.
I think most platters today are made out of glass, but many years ago, they were made out of something that was very metal-like. This is back when the platters were more than a foot across. Physically, they were very large drives.
Or, better:
Writes over the disk with random data, then zeroes, a total of four times. Good luck recovering anything off that puppy (although, it most likely can still be done with some *very* sophisticated equipment).
The older drives used 14" platters. I can still remember the Digital RP06 drives, which were OEMed from Memorex. The drives looked like black washing machines. (Wiggled around like they were on "spin dry" too when lots of seeking was going on.)
The point here, though, is that trying to cut a modern disk platter is likely to result in shards of glass all over the place...