
Bug#392480: debian-installer: add support for "cleaning" hard drives



found 392480 64
thanks


Dear Debian folks,


On Sunday, 15.10.2006, 02:03 +0200, David Härdeman wrote:
> On Wed, Oct 11, 2006 at 03:27:13PM -0700, Matt Taggart wrote:
> >I would like to see the ability to clean hard disks (by securely overwriting 
> >all blocks) added to debian-installer.
> >When I reuse a hard disk (or before I get rid of one), before I install I like 
> >to clean all data off the drive by overwriting it. My reasons for doing so are,
> >
> >1.) There may be sensitive data still on the disk, that if someone compromised 
> >the system or physically obtained the disk (especially in the case of laptops) 
> >they might be able to collect. It is good to start from a known clean state 
> >knowing that only the data you put on the drive is there and you can take 
> >precautions to protect it.
> >
> >2.) If a system is compromised (either by an attacker, a user error, or a 
> >partial drive failure), any remnants of old data will hinder any forensics 
> >analysis of the drive. If you are starting from a state of known contents (all 
> >the blocks set to a particular pattern or at least random) then you can find 
> >deleted logs/files/etc.
> >
> >The ability to do this is becoming increasingly more important as we are 
> >beginning to see with the problems of large companies/institutions losing 
> >people's personal data and the resulting identity theft and fraud. This could 
> >be a neat feature that Debian introduces first.
> 
> If you are concerned with the safety of your personal data being left 
> from a previous installation, I assume you're also (and even more so) 
> worried about your personal data being kept safe in the new 
> installation?
> 
> If so, I'd assume that you'd do an install to an encrypted 
> partition...and if you do, debian-installer (or partman-crypto to be 
> more precise) will already wipe the disk with one round of random data.
> 
> That should be sufficient for anything but the worst tin foil hat 
> scenarios.

Well this assumption (to encrypt the disc afterward) is not necessarily
valid. A company is giving away computers to a school or for use for
children, where no encryption is needed. They require you to wipe the
drive. (Ok, they should do it themselves to be on the safe side of
things, but in reality things are different.)

So it would be nice if such an option in expert mode could be given.

I thought I found something on the WWW, where it said that there is
already a udeb for wipe. But I cannot find it anymore.

If such a udeb exists and the additional option is too much work, could
you please point me to a howto where the handling of udeb-files is
described, so I can unpack it manually.


Thanks a lot,

Paul

Attachment: signature.asc
Description: This is a digitally signed message part

