On Wed, 23 Jan 2013 01:36:01 +0000, tsu2 wrote:
> - Zeroing in preparation for a new install? - Probably reformatting
> maybe even a couple times would likely be more efficient although
> zeroing might do a better job.
If the purpose is just to render the drive unreadable, then zeroing won’t
defeat advanced recovery tools (out-of-band tools, here, not something
that runs on the machine). Multiple passes with /dev/urandom rather
than /dev/zero is generally considered the most secure way to wipe a
Or do what I do with an external drive - full disk encryption, with keys
off the drive. Since I’ve had a couple external USB drives go poof with
sensitive data on them, I’ve started encrypting those drives so if I opt
to return the drive (if it dies within warranty), the drive is
unrecoverable using forensic tools.
> - Exploits running in Wine - Well, I’ve seen exploits that intentionally
> install *NIX filesystems on Windows systems as one way to root the
> system… which means… The process is actually running *NIX functions
> that could potentially damage your Linux system!
Well, exploits written for Windows that “install” a *nix filesystem
(which I’ve never heard of before) would use Win32 libraries, so it would
be passed through WINE, so not using native *nix libraries.
> - Ounce of Prevention better than a Pound of Cure… Sandbox your risky
> activities. If you already know that Gaming exposes your system, then
> run virtualized or on a separate HDD. I don’t know that simply logging
> in with a different User might be sufficient… but maybe if your game
> runs in Wine it would not require access outside of the /home directory.
> YMMV, take a look at what is happening on your system and of course this
> means <no shared directories or drives> between Users, and of course
> nothing running with elevated permissions.
For a normal user (and you hint at this), only /home/username and /tmp
would be writable in normal conditions, and /home/user1 wouldn’t be
accessible, so that would generally be sandboxed enough, unless you allow
the sandboxed user to use sudo without a password (for instance) - which
would defeat the sandboxing anyways.
openSUSE Forums Administrator
Forum Use Terms & Conditions at http://tinyurl.com/openSUSE-T-C