From 1be510f9529cb082f802408b472a77d074b394c0 Mon Sep 17 00:00:00 2001 From: Nicolas Vigier Date: Sun, 14 Apr 2013 13:46:12 +0000 Subject: Add zarb MLs html archives --- zarb-ml/mageia-dev/2011-August/007239.html | 143 +++++++++++++++++++++++++++++ 1 file changed, 143 insertions(+) create mode 100644 zarb-ml/mageia-dev/2011-August/007239.html (limited to 'zarb-ml/mageia-dev/2011-August/007239.html') diff --git a/zarb-ml/mageia-dev/2011-August/007239.html b/zarb-ml/mageia-dev/2011-August/007239.html new file mode 100644 index 000000000..52f2cf04e --- /dev/null +++ b/zarb-ml/mageia-dev/2011-August/007239.html @@ -0,0 +1,143 @@ + + + + [Mageia-dev] RM replacement + + + + + + + + + +

[Mageia-dev] RM replacement

+ andre999 + andr55 at laposte.net +
+ Fri Aug 5 06:50:53 CEST 2011 +

+
+ +
Luis Daniel Lucio Quiroz a écrit :
+> Le Jeudi 04 Août 2011 18:39:35 andre999 a écrit :
+>> Luis Daniel Lucio Quiroz a écrit :
+>>> Helo,
+>>>
+>>> As my experience in security field, to make Mageia more available in
+>>> enterprise environments, and specially those that are security
+>>> paranoid, i'm planning to port SRM.  SRM is a package that does a
+>>> "secure" file deleting according some security standards (i dont
+>>> remember right now names, i guess it is something in NIST, but that
+>>> doesnt matter really).
+>>>
+>>> My question is, what should be the procedure that when you install srm,
+>>> then the normal rm command could be replaced?  i was thinking in
+>>> pushing an alias but what other alternatives do i have?
+>>>
+>>> please comment,
+>>>
+>>> LD
+>>
+>> At first glance that sounds like a reasonable approach EXCEPT -- a
+>> system-level alias would be over-ridden by a user alias.
+>> A user could innocently have an alias such as :
+>> alias rm="rm -i"
+>>
+>> rm is in /bin
+>> - /bin/rm could be replaced with a link to srm, but I don't know if that
+>> would be considered acceptable.
+>> rm would have to be restored if srm were uninstalled
+>>
+>> - wouldn't a link in /usr/bin/rm be executed first ?
+>> Of course that doesn't cover execution with root privileges.
+>> An alias in root wouldn't necessarily work, as an admin could inadvertantly
+>> replace it with another.  (By loading a new file with some changed alias,
+>> for example.)
+>> But probably less likely than some user doing the same on their profile.
+>>
+>> There could be other approaches as well ... :)
+>
+> You are right! :)
+>
+> Well another option could be this:
+>
+> a. we change coreutils to install /bin/rm as  /bin/rm.vanilla (or other name,
+> that really doesnt matter),
+> b. i change srm to install itself in /bin instead of /usr/bin
+> c. we place alternatives in both packages to provide /bin/rm, giving
+> preference to srm if installed, otherwise it will use rm of coreutils
+>
+> LD
+
+That would probably be the ideal approach.  But it might take a while to get 
+the changes accepted in coreutils.
+
+Maybe it could be all done from srm ?
+On srm install,
+a. rename /bin/rm to /bin/rm.vanilla (or rm.original or ?)
+b. create /bin/rm link to /bin/srm
+
+On srm uninstall, we ensure that
+a. rm /bin/rm link
+b. rename /bin/rm.vanilla to /bin/rm
+
+Hopefully that could be done reliably, with an uninstall script.
+
+-- 
+André
+
+ + + + + + + + + + + + + + + + + + + + + + + +
+

+ +
+More information about the Mageia-dev +mailing list
+ -- cgit v1.2.1