Diffstat (limited to 'zarb-ml/mageia-dev/2011-August/007254.html')
-rw-r--r-- | zarb-ml/mageia-dev/2011-August/007254.html | 181 |
1 files changed, 181 insertions, 0 deletions
diff --git a/zarb-ml/mageia-dev/2011-August/007254.html b/zarb-ml/mageia-dev/2011-August/007254.html new file mode 100644 index 000000000..5d7a359a6 --- /dev/null +++ b/zarb-ml/mageia-dev/2011-August/007254.html 
@@ -0,0 +1,181 @@ +<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN"> +<HTML> + <HEAD> + <TITLE> [Mageia-dev] RM replacement + </TITLE> + <LINK REL="Index" HREF="index.html" > + <LINK REL="made" HREF="mailto:mageia-dev%40mageia.org?Subject=Re%3A%20%5BMageia-dev%5D%20RM%20replacement&In-Reply-To=%3C2371759.3jfUkQGYKd%40elmo.okay.com.mx%3E"> + <META NAME="robots" CONTENT="index,nofollow"> + <META http-equiv="Content-Type" content="text/html; charset=us-ascii"> + <LINK REL="Previous" HREF="007287.html"> + <LINK REL="Next" HREF="007232.html"> + </HEAD> + <BODY BGCOLOR="#ffffff"> + <H1>[Mageia-dev] RM replacement</H1> + <B>Luis Daniel Lucio Quiroz</B> + <A HREF="mailto:mageia-dev%40mageia.org?Subject=Re%3A%20%5BMageia-dev%5D%20RM%20replacement&In-Reply-To=%3C2371759.3jfUkQGYKd%40elmo.okay.com.mx%3E" + TITLE="[Mageia-dev] RM replacement">dlucio at okay.com.mx + </A><BR> + <I>Fri Aug 5 18:00:02 CEST 2011</I> + <P><UL> + <LI>Previous message: <A HREF="007287.html">[Mageia-dev] RM replacement +</A></li> + <LI>Next message: <A HREF="007232.html">[Mageia-dev] RM replacement +</A></li> + <LI> <B>Messages sorted by:</B> + <a href="date.html#7254">[ date ]</a> + <a href="thread.html#7254">[ thread ]</a> + <a href="subject.html#7254">[ subject ]</a> + <a href="author.html#7254">[ author ]</a> + </LI> + </UL> + <HR> +<!--beginarticle--> +<PRE>Le Vendredi 05 Août 2011 08:58:12 andre999 a écrit : +><i> Colin Guthrie a écrit : +</I>><i> > 'Twas brillig, and andre999 at 05/08/11 06:50 did gyre and gimble: +</I>><i> >> Luis Daniel Lucio Quiroz a écrit : +</I>><i> >>> Le Jeudi 04 Août 2011 18:39:35 andre999 a écrit : +</I>><i> >>>> Luis Daniel Lucio Quiroz a écrit : +</I>><i> >>>>> Helo, +</I>><i> >>>>> +</I>><i> >>>>> As my experience in security field, to make Mageia more +</I>><i> >>>>> available in +</I>><i> >>>>> enterprise environments, and specially those that are security +</I>><i> >>>>> paranoid, i'm planning to port SRM. 
SRM is a package that does +</I>><i> >>>>> a +</I>><i> >>>>> "secure" file deleting according some security standards (i dont +</I>><i> >>>>> remember right now names, i guess it is something in NIST, but +</I>><i> >>>>> that +</I>><i> >>>>> doesnt matter really). +</I>><i> >>>>> +</I>><i> >>>>> My question is, what should be the procedure that when you +</I>><i> >>>>> install srm, then the normal rm command could be replaced? i +</I>><i> >>>>> was thinking in pushing an alias but what other alternatives do +</I>><i> >>>>> i have? +</I>><i> >>>>> +</I>><i> >>>>> please comment, +</I>><i> >>>>> +</I>><i> >>>>> LD +</I>><i> >>>> +</I>><i> >>>> At first glance that sounds like a reasonable approach EXCEPT -- a +</I>><i> >>>> system-level alias would be over-ridden by a user alias. +</I>><i> >>>> A user could innocently have an alias such as : +</I>><i> >>>> alias rm="rm -i" +</I>><i> >>>> +</I>><i> >>>> rm is in /bin +</I>><i> >>>> - /bin/rm could be replaced with a link to srm, but I don't know +</I>><i> >>>> if that would be considered acceptable. +</I>><i> >>>> rm would have to be restored if srm were uninstalled +</I>><i> >>>> +</I>><i> >>>> - wouldn't a link in /usr/bin/rm be executed first ? +</I>><i> >>>> Of course that doesn't cover execution with root privileges. +</I>><i> >>>> An alias in root wouldn't necessarily work, as an admin could +</I>><i> >>>> inadvertantly +</I>><i> >>>> replace it with another. (By loading a new file with some changed +</I>><i> >>>> alias, +</I>><i> >>>> for example.) +</I>><i> >>>> But probably less likely than some user doing the same on their +</I>><i> >>>> profile. +</I>><i> >>>> +</I>><i> >>>> There could be other approaches as well ... :) +</I>><i> >>> +</I>><i> >>> You are right! :) +</I>><i> >>> +</I>><i> >>> Well another option could be this: +</I>><i> >>> +</I>><i> >>> a. we change coreutils to install /bin/rm as /bin/rm.vanilla (or +</I>><i> >>> other name, +</I>><i> >>> that really doesnt matter), +</I>><i> >>> b. 
i change srm to install itself in /bin instead of /usr/bin +</I>><i> >>> c. we place alternatives in both packages to provide /bin/rm, giving +</I>><i> >>> preference to srm if installed, otherwise it will use rm of +</I>><i> >>> coreutils +</I>><i> >>> +</I>><i> >>> LD +</I>><i> >> +</I>><i> >> That would probably be the ideal approach. But it might take a while +</I>><i> >> to +</I>><i> >> get the changes accepted in coreutils. +</I>><i> >> +</I>><i> >> Maybe it could be all done from srm ? +</I>><i> >> On srm install, +</I>><i> >> a. rename /bin/rm to /bin/rm.vanilla (or rm.original or ?) +</I>><i> >> b. create /bin/rm link to /bin/srm +</I>><i> > +</I>><i> > Definitely not. It's against the commandments: Thou shalt not mess with +</I>><i> > another packages' files. +</I>><i> +</I>><i> ok. I suspected that. +</I>><i> It would be nice to have a list of these points for newer packagers. +</I>><i> +</I>><i> >> On srm uninstall, we ensure that +</I>><i> >> a. rm /bin/rm link +</I>><i> >> b. rename /bin/rm.vanilla to /bin/rm +</I>><i> >> +</I>><i> >> Hopefully that could be done reliably, with an uninstall script. +</I>><i> > +</I>><i> > No, this is very bad. +</I>><i> > +</I>><i> > It's what the alternatives system was designed to do for you, but I +</I>><i> > really don't think that something as fundamental as rm should be messed +</I>><i> > with in this way as I mentioned in my own email. +</I>><i> > +</I>><i> > srm is an add on userspace tool. To implement secure deletes properly, +</I>><i> > you would want support at a lower level (i.e in the kernel/fs). +</I>><i> +</I>><i> makes sense. +</I>><i> +</I>><i> > I think srm should just be a tool people use explicitly when they want +</I>><i> > to. +</I>><i> When I think about it, deleting with a pattern instead of just zeros is +</I>><i> probably only advantageous when a disk is being disposed of -- in which case +</I>><i> srm being a userspace tool is not a disadvantage. 
+</I>><i> +</I>><i> > Col +</I>Good point +</PRE> + + + + + + + + + + + + + + + + + + + + + + + + +<!--endarticle--> + <HR> + <P><UL> + <!--threads--> + <LI>Previous message: <A HREF="007287.html">[Mageia-dev] RM replacement +</A></li> + <LI>Next message: <A HREF="007232.html">[Mageia-dev] RM replacement +</A></li> + <LI> <B>Messages sorted by:</B> + <a href="date.html#7254">[ date ]</a> + <a href="thread.html#7254">[ thread ]</a> + <a href="subject.html#7254">[ subject ]</a> + <a href="author.html#7254">[ author ]</a> + </LI> + </UL> + +<hr> +<a href="https://www.mageia.org/mailman/listinfo/mageia-dev">More information about the Mageia-dev +mailing list</a><br> +</body></html> |
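Review bot: Between `</PRE>` and `<!--endarticle-->` the new file carries a long run of empty `+` lines that add nothing to the rendered page. Trim them, or state in the commit message that the archive is imported byte-for-byte from the list software so the padding is expected. In the `<HEAD>`, the `<META>` tag declares `charset=us-ascii` while the message body shows accented text ("Août", "a écrit"); check that those characters are stored as character references in the file, otherwise the declared charset is wrong and browsers will have to guess. Tag case is also mixed (`<LI>` closed by `</li>`, `<i>` closed by `</I>`, `<BODY>` closed by `</body>`), which is harmless in HTML but worth normalising if the file is ever regenerated.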