[Mageia-dev] RM replacement

Fri Aug 5 00:39:35 CEST 2011

Luis Daniel Lucio Quiroz a écrit :
+> Helo,
+>
+> As my experience in security field, to make Mageia more available in enterprise
+> environments, and specially those that are security paranoid, i'm planning to
+> port SRM.  SRM is a package that does a "secure" file deleting according some
+> security standards (i dont remember right now names, i guess it is something
+> in NIST, but that doesnt matter really).
+>
+> My question is, what should be the procedure that when you install srm, then
+> the normal rm command could be replaced?  i was thinking in pushing an alias
+> but what other alternatives do i have?
+>
+> please comment,
+>
+> LD
+
+At first glance that sounds like a reasonable approach EXCEPT -- a system-level 
+alias would be over-ridden by a user alias.
+A user could innocently have an alias such as :
+alias rm="rm -i"
+
+rm is in /bin
+- /bin/rm could be replaced with a link to srm, but I don't know if that would 
+be considered acceptable.
+rm would have to be restored if srm were uninstalled
+
+- wouldn't a link in /usr/bin/rm be executed first ?
+Of course that doesn't cover execution with root privileges.
+An alias in root wouldn't necessarily work, as an admin could inadvertantly 
+replace it with another.  (By loading a new file with some changed alias, for 
+example.)
+But probably less likely than some user doing the same on their profile.
+
+There could be other approaches as well ... :)
+
+-- 
+André
+