Slashdot Mirror

← Back to Stories (view on slashdot.org)

Shootout: 'rm -Rf /' vs. 'Format C:'

Posted by timothy on from the as-in-shoot-out-the-lights dept.

skyshock21 writes "There's an article over at hohle.net about what actually happens when you type the commands Format C: in windows versus rm -Rf / in Linux. Very interesting results indeed. Myths are busted, and hilarity ensues."

6 of 513 comments (clear)

  1. openbsd rm by Anonymous Coward · · Score: 5, Informative

    openbsd has rm -P which will overwrite the bytes of the 3 times

    1. Re:openbsd rm by Ice_Balrog · · Score: 5, Informative

      Linux and other *NIXes also have shred, which can do that and a bunch of other things.

      For instance, 'shred -u -z file' will overwrite that file 25 times with random bits, overwrite it with all zeros to hide the shreading, then remove the file.

      'info shred' (or 'man shred' for less detail) for more info on how to use shred.

      --
      #include "sig.h"
    2. Re:openbsd rm by dukerobillard · · Score: 5, Informative
      I'd never heard of shred, so I checked it out, and found this interesting tidbit in the man page:

      CAUTION: Note that shred relies on a very important assumption: that the filesystem overwrites data in place. This is the traditional way to do things, but many modern filesystem designs do not satisfy this assumption. The following are examples of filesystems on which shred is not effective:

      * log-structured or journaled filesystems, such as those supplied with AIX and Solaris (and JFS, ReiserFS, XFS, Ext3, etc.)

      * filesystems that write redundant data and carry on even if some writes fail, such as RAID-based filesystems

      * filesystems that make snapshots, such as Network Appliance's NFS server

      * filesystems that cache in temporary locations, such as NFS version 3 clients

      * compressed filesystems

    3. Re:openbsd rm by greed · · Score: 5, Informative
      I'm not intending to support the claim that the number of overwrites is infinite, or even large.

      But I believe the basis of the claim is that, for any given "bit position" on the disc, the current magnetic reluctance of that position depends on its current state and some function of the previous state. And the previous state depends on itself and ITS previous state, and so on.

      Also, the aligment of each recording cell does not precisely line up each time. There's very sophisticated circuitry in a modern drive to figure out what the bit was supposed to be. (Keep in mind that what is actually written to the disk is coded, so that you never get long runs of 0s or 1s.) All those probabilities are fed in to the decode logic to come up with actual, usable bytes.

      So if you get to the magnetic surface and can assess the relative strengths of fragments of bits at each bit position, you can start to rebuild the history of that position. Then you have to re-run the decode to work out what the datablock contained.

      Though I can only see this being feasible for a small number of overwrites... but I really must read some of Schneier's works.

      There's a reason why we make backups; data recovery in that manner costs a fortune.

  2. text by Anonymous Coward · · Score: 5, Informative

    format c:

    There's a nerdy idea floating around that you can tell an uninformed Windows user to type "format c:" in the Run dialog to solve their problems. This is perpetuated in office jokes and comics among other places, but how many people have actually tried to destroy their using "format c:".

    I made a goal for myself to find out what would happen if I ran "format c:" on a freshly installed Windows system and decided to compare it to the equally notorious "rm -Rf /" in Linux. Besides noting how effectively I could trash the system, I wanted to see how the operating system responded, and what it took to be able to destroy the system. I know that "format c:" and "rm -Rf /" aren't equivalent, but they usually are interchangeable punchlines to jokes, which is why they were chosen.

    Read more for the destruction of two perfectly good operating system installations.

    My target OSes were Windows XP Pro and Ubuntu Linux, both with all the latest and greatest updates. The installs were both fresh and no additional security settings had been set. Ubuntu asked me for a password during installation, Windows did not, which we will see makes a difference later down the line.

    First I established a baseline for my environment: a virtual shell parked at the root of the file system (C:\ for Windows, / for Linux).
    Windows Linux

    Larger Image Larger Image

    Well, that was simple enough. Getting to each file system's root was a nearly identical process. Now is where things will change, however. In Windows, I am going to attempt to format the drive, a low level operation which usually occurs on drives not being used and in Linux I am going to attempt to remove all of the files from the filesystem. Both should give me an empty file tree when I'm done, but come at it from different angles. In Windows, I use the "format c: /FS:NTFS" command, in Linux "rm -Rf *".
    Windows Linux

    Larger Image Larger Image

    Thankfully, and as I expected, neither of these commands wiped out my filesystem. To my shock, Windows looked as if it was going to comply with my wishes. It asked me if I would like to proceed and I confirmed that indeed I would. Ah, but as I expected, the drive was mounted and could not be formatted until it was unmounted; so I told it to try to forcefully unmount the drive. Finally it told me that it could not gain sole access to the drive and would not continue. So, straight away "format c:" will not erase your hard drive! Now how did Linux fare? Also, as I expected, almost nothing was deleted by my "rm -Rf *". My personal home directory (~/jonathanhohle) might have been erased, I didn't think to check it before I moved on. All in all, however, both systems were still up, stable, and in need of more abuse!
    Windows Linux

    Larger Image Larger Image

    Larger Image

    Larger Image

    My goal was to mass erase these disks from the command line and so far I hadn't had much luck. With Windows I knew I was going to have to take a different approach, with Linux, I knew exactly what I had to do to kill this system.

    I decided to attack Windows from the same attack point as I was hitting Linux. Instead of trying to do a low level erasure of my files I was just going to recursively delete them. So after a little mucking around at the command prompt, I came up with "del /F /S /Q *". Linux was a no brainer. All I had to do was escalate my permissions with sudo, "sudo rm -Rf *" to be exact.
    Windows Linux

    Larger Image Larger Image

    Well, that did the trick on both systems with one caveat. As the first Linux screenshot under this paragraph shows, Linux would not continue with the command until the root password was entered. Windows, on the other hand had no problems going to town unlinking files after the [Enter] key was struck.
    Windows Linux

    Larger Image Larger Image

    Afte

  3. Re:sudo password by nrosier · · Score: 5, Informative

    Solaris still has root but since Solaris 8 or 9 they have RBAC, which is a bit like sudo. Role-Based-Access-Control. You assume a roll which gives you extra priviliges.

    In Trusted Solaris they also have root but since this is a high grade security OS, root is not god. You have labels (top-secret, restricted etc... iirc). So you might have root-access on a low level label and not being able to do anything.