Slashdot Mirror

← Back to Stories (view on slashdot.org)

Shootout: 'rm -Rf /' vs. 'Format C:'

Posted by timothy on from the as-in-shoot-out-the-lights dept.

skyshock21 writes "There's an article over at hohle.net about what actually happens when you type the commands Format C: in windows versus rm -Rf / in Linux. Very interesting results indeed. Myths are busted, and hilarity ensues."

11 of 513 comments (clear)

  1. openbsd rm by Anonymous Coward · · Score: 5, Informative

    openbsd has rm -P which will overwrite the bytes of the 3 times

    1. Re:openbsd rm by Ice_Balrog · · Score: 5, Informative

      Linux and other *NIXes also have shred, which can do that and a bunch of other things.

      For instance, 'shred -u -z file' will overwrite that file 25 times with random bits, overwrite it with all zeros to hide the shreading, then remove the file.

      'info shred' (or 'man shred' for less detail) for more info on how to use shred.

      --
      #include "sig.h"
    2. Re:openbsd rm by dukerobillard · · Score: 5, Informative
      I'd never heard of shred, so I checked it out, and found this interesting tidbit in the man page:

      CAUTION: Note that shred relies on a very important assumption: that the filesystem overwrites data in place. This is the traditional way to do things, but many modern filesystem designs do not satisfy this assumption. The following are examples of filesystems on which shred is not effective:

      * log-structured or journaled filesystems, such as those supplied with AIX and Solaris (and JFS, ReiserFS, XFS, Ext3, etc.)

      * filesystems that write redundant data and carry on even if some writes fail, such as RAID-based filesystems

      * filesystems that make snapshots, such as Network Appliance's NFS server

      * filesystems that cache in temporary locations, such as NFS version 3 clients

      * compressed filesystems

    3. Re:openbsd rm by greed · · Score: 5, Informative
      I'm not intending to support the claim that the number of overwrites is infinite, or even large.

      But I believe the basis of the claim is that, for any given "bit position" on the disc, the current magnetic reluctance of that position depends on its current state and some function of the previous state. And the previous state depends on itself and ITS previous state, and so on.

      Also, the aligment of each recording cell does not precisely line up each time. There's very sophisticated circuitry in a modern drive to figure out what the bit was supposed to be. (Keep in mind that what is actually written to the disk is coded, so that you never get long runs of 0s or 1s.) All those probabilities are fed in to the decode logic to come up with actual, usable bytes.

      So if you get to the magnetic surface and can assess the relative strengths of fragments of bits at each bit position, you can start to rebuild the history of that position. Then you have to re-run the decode to work out what the datablock contained.

      Though I can only see this being feasible for a small number of overwrites... but I really must read some of Schneier's works.

      There's a reason why we make backups; data recovery in that manner costs a fortune.

  2. A more appropriate shootout by cyborch · · Score: 5, Insightful

    would be 'mkfs /dev/hda1' vs 'format c:'

  3. you know by iamnotacrook · · Score: 5, Funny
    i read that whole article, and i couldnt find the hilarity.

    i'll go back to laughing at the election results. or was it crying, i cant remember now.

  4. sudo password by emmavl · · Score: 5, Insightful

    In the article he mentions sudo asks the root password, while it's actually asking the password of the user performing the sudo ! So I guess he must have set the root password identical to his user password during the installation.

    1. Re:sudo password by nrosier · · Score: 5, Informative

      Solaris still has root but since Solaris 8 or 9 they have RBAC, which is a bit like sudo. Role-Based-Access-Control. You assume a roll which gives you extra priviliges.

      In Trusted Solaris they also have root but since this is a high grade security OS, root is not god. You have labels (top-secret, restricted etc... iirc). So you might have root-access on a low level label and not being able to do anything.

  5. text by Anonymous Coward · · Score: 5, Informative

    format c:

    There's a nerdy idea floating around that you can tell an uninformed Windows user to type "format c:" in the Run dialog to solve their problems. This is perpetuated in office jokes and comics among other places, but how many people have actually tried to destroy their using "format c:".

    I made a goal for myself to find out what would happen if I ran "format c:" on a freshly installed Windows system and decided to compare it to the equally notorious "rm -Rf /" in Linux. Besides noting how effectively I could trash the system, I wanted to see how the operating system responded, and what it took to be able to destroy the system. I know that "format c:" and "rm -Rf /" aren't equivalent, but they usually are interchangeable punchlines to jokes, which is why they were chosen.

    Read more for the destruction of two perfectly good operating system installations.

    My target OSes were Windows XP Pro and Ubuntu Linux, both with all the latest and greatest updates. The installs were both fresh and no additional security settings had been set. Ubuntu asked me for a password during installation, Windows did not, which we will see makes a difference later down the line.

    First I established a baseline for my environment: a virtual shell parked at the root of the file system (C:\ for Windows, / for Linux).
    Windows Linux

    Larger Image Larger Image

    Well, that was simple enough. Getting to each file system's root was a nearly identical process. Now is where things will change, however. In Windows, I am going to attempt to format the drive, a low level operation which usually occurs on drives not being used and in Linux I am going to attempt to remove all of the files from the filesystem. Both should give me an empty file tree when I'm done, but come at it from different angles. In Windows, I use the "format c: /FS:NTFS" command, in Linux "rm -Rf *".
    Windows Linux

    Larger Image Larger Image

    Thankfully, and as I expected, neither of these commands wiped out my filesystem. To my shock, Windows looked as if it was going to comply with my wishes. It asked me if I would like to proceed and I confirmed that indeed I would. Ah, but as I expected, the drive was mounted and could not be formatted until it was unmounted; so I told it to try to forcefully unmount the drive. Finally it told me that it could not gain sole access to the drive and would not continue. So, straight away "format c:" will not erase your hard drive! Now how did Linux fare? Also, as I expected, almost nothing was deleted by my "rm -Rf *". My personal home directory (~/jonathanhohle) might have been erased, I didn't think to check it before I moved on. All in all, however, both systems were still up, stable, and in need of more abuse!
    Windows Linux

    Larger Image Larger Image

    Larger Image

    Larger Image

    My goal was to mass erase these disks from the command line and so far I hadn't had much luck. With Windows I knew I was going to have to take a different approach, with Linux, I knew exactly what I had to do to kill this system.

    I decided to attack Windows from the same attack point as I was hitting Linux. Instead of trying to do a low level erasure of my files I was just going to recursively delete them. So after a little mucking around at the command prompt, I came up with "del /F /S /Q *". Linux was a no brainer. All I had to do was escalate my permissions with sudo, "sudo rm -Rf *" to be exact.
    Windows Linux

    Larger Image Larger Image

    Well, that did the trick on both systems with one caveat. As the first Linux screenshot under this paragraph shows, Linux would not continue with the command until the root password was entered. Windows, on the other hand had no problems going to town unlinking files after the [Enter] key was struck.
    Windows Linux

    Larger Image Larger Image

    Afte

  6. Get a life by soul_hk · · Score: 5, Insightful

    Seriously folks,
    this proves almost nothing.
    This guy really needs to find something better to occupy his time with, ideas include polishing the spoons, re-arranging the sock drawer and cleaning the fridge.

    We all know the best way to screw a Windows XP SP2 user is to convince them to turn off the firewall ..

    mod me down, see if I care

  7. Re:...vs Magnet vs Tossage by 1nhuman · · Score: 5, Interesting

    Actually a Dutch (national) prosecutor did something similiar a month ago. He thought his HDD failed and put his whole PC with his garbage on the street.

    Unfortunatly a Taxi driver took the PC with him and managed to boot the machine and found an enormous ammount of very confidentinial information on the HDD. Information about some top crime and fraude cases. The Taxi driver then sold this HDD to a dutch TV crime fighter.

    In the end this got the prosecutor fired. Which I think is sort of unreasonable, since the major issue is the justice departments lack of descent security procedure.

    --
    The glass is half-full. With poison. And there are cracks in the glass. The dirty, dirty glass.