<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<HTML>
<HEAD>
<TITLE> [Mageia-dev] RM replacement
</TITLE>
<LINK REL="Index" HREF="index.html" >
<LINK REL="made" HREF="mailto:mageia-dev%40mageia.org?Subject=Re%3A%20%5BMageia-dev%5D%20RM%20replacement&In-Reply-To=%3C4E3B76AD.3020005%40laposte.net%3E">
<META NAME="robots" CONTENT="index,nofollow">
<META http-equiv="Content-Type" content="text/html; charset=us-ascii">
<LINK REL="Previous" HREF="007236.html">
<LINK REL="Next" HREF="007242.html">
</HEAD>
<BODY BGCOLOR="#ffffff">
<H1>[Mageia-dev] RM replacement</H1>
<B>andre999</B>
<A HREF="mailto:mageia-dev%40mageia.org?Subject=Re%3A%20%5BMageia-dev%5D%20RM%20replacement&In-Reply-To=%3C4E3B76AD.3020005%40laposte.net%3E"
TITLE="[Mageia-dev] RM replacement">andr55 at laposte.net
</A><BR>
<I>Fri Aug 5 06:50:53 CEST 2011</I>
<P><UL>
<LI>Previous message: <A HREF="007236.html">[Mageia-dev] RM replacement
</A></li>
<LI>Next message: <A HREF="007242.html">[Mageia-dev] RM replacement
</A></li>
<LI> <B>Messages sorted by:</B>
<a href="date.html#7239">[ date ]</a>
<a href="thread.html#7239">[ thread ]</a>
<a href="subject.html#7239">[ subject ]</a>
<a href="author.html#7239">[ author ]</a>
</LI>
</UL>
<HR>
<!--beginarticle-->
<PRE>Luis Daniel Lucio Quiroz wrote:
><i> On Thursday 04 August 2011 18:39:35 andre999 wrote:
</I>>><i> Luis Daniel Lucio Quiroz wrote:
</I>>>><i> Hello,
</I>>>><i>
</I>>>><i> As my experience in security field, to make Mageia more available in
</I>>>><i> enterprise environments, and especially those that are security
</I>>>><i> paranoid, I'm planning to port SRM. SRM is a package that does a
</I>>>><i> "secure" file deleting according to some security standards (I don't
</I>>>><i> remember right now names, I guess it is something in NIST, but that
</I>>>><i> doesn't matter really).
</I>>>><i>
</I>>>><i> My question is, what should be the procedure that when you install srm,
</I>>>><i> then the normal rm command could be replaced? I was thinking of
</I>>>><i> pushing an alias but what other alternatives do I have?
</I>>>><i>
</I>>>><i> please comment,
</I>>>><i>
</I>>>><i> LD
</I>>><i>
</I>>><i> At first glance that sounds like a reasonable approach EXCEPT -- a
</I>>><i> system-level alias would be over-ridden by a user alias.
</I>>><i> A user could innocently have an alias such as :
</I>>><i> alias rm="rm -i"
</I>>><i>
</I>>><i> rm is in /bin
</I>>><i> - /bin/rm could be replaced with a link to srm, but I don't know if that
</I>>><i> would be considered acceptable.
</I>>><i> rm would have to be restored if srm were uninstalled
</I>>><i>
</I>>><i> - wouldn't a link in /usr/bin/rm be executed first ?
</I>>><i> Of course that doesn't cover execution with root privileges.
</I>>><i> An alias in root wouldn't necessarily work, as an admin could inadvertently
</I>>><i> replace it with another. (By loading a new file with some changed alias,
</I>>><i> for example.)
</I>>><i> But probably less likely than some user doing the same on their profile.
</I>>><i>
</I>>><i> There could be other approaches as well ... :)
</I>><i>
</I>><i> You are right! :)
</I>><i>
</I>><i> Well another option could be this:
</I>><i>
</I>><i> a. we change coreutils to install /bin/rm as /bin/rm.vanilla (or other name,
</I>><i> that really doesn't matter),
</I>><i> b. I change srm to install itself in /bin instead of /usr/bin
</I>><i> c. we place alternatives in both packages to provide /bin/rm, giving
</I>><i> preference to srm if installed, otherwise it will use rm of coreutils
</I>><i>
</I>><i> LD
</I>
That would probably be the ideal approach. But it might take a while to get
the changes accepted in coreutils.
Maybe it could be all done from srm ?
On srm install,
a. rename /bin/rm to /bin/rm.vanilla (or rm.original or ?)
b. create /bin/rm link to /bin/srm
On srm uninstall, we ensure that
a. rm /bin/rm link
b. rename /bin/rm.vanilla to /bin/rm
Hopefully that could be done reliably, with an uninstall script.
--
André
</PRE>
<!--endarticle-->
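<P>The install and uninstall steps proposed in the message above, as an added example that is not part of the original post and is not Mageia or srm packaging code. The function names, the root-directory argument and the temporary link name are assumptions; unlike the steps as written, it keeps the original under a hard link and swaps with a single rename, so an entry named rm exists at every moment.</P>

```shell
#!/bin/sh
# Added illustration: sandboxed version of the install/uninstall steps above.
# srm_install, srm_uninstall, the ROOT argument and ".rm.srm-new" are
# assumptions for this sketch. Call with a scratch directory containing
# bin/rm and bin/srm; an empty ROOT would mean the real /bin.

srm_install() {
    bin="$1/bin"
    # Never point rm at a binary that is not there.
    if [ ! -f "$bin/srm" ]; then return 1; fi
    if [ -L "$bin/rm" ]; then
        # Already our link: nothing to do. Someone else's link: refuse.
        if [ "$(readlink "$bin/rm")" = "srm" ]; then return 0; fi
        return 1
    fi
    if [ ! -f "$bin/rm" ]; then return 1; fi
    # Keep the original reachable under a second name (hard link), so no
    # step leaves the directory without an entry called "rm". If a later
    # package update put a regular rm back, this refreshes the saved copy.
    if [ ! "$bin/rm" -ef "$bin/rm.vanilla" ]; then
        ln -f "$bin/rm" "$bin/rm.vanilla"
    fi
    # Build the link under a temporary name, then rename it over rm in one
    # step (a rename within one directory is atomic).
    ln -sf srm "$bin/.rm.srm-new"
    mv -f "$bin/.rm.srm-new" "$bin/rm"
}

srm_uninstall() {
    bin="$1/bin"
    # Only undo what srm_install created.
    if [ ! -L "$bin/rm" ]; then return 0; fi
    if [ "$(readlink "$bin/rm")" != "srm" ]; then return 0; fi
    # Without the saved original, dropping the link would leave no rm at all.
    if [ ! -f "$bin/rm.vanilla" ]; then return 1; fi
    # One rename replaces the link with the original, so the script never
    # has to call rm while rm itself is being swapped.
    mv -f "$bin/rm.vanilla" "$bin/rm"
}
```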
<hr>
<a href="https://www.mageia.org/mailman/listinfo/mageia-dev">More information about the Mageia-dev
mailing list</a><br>
</body></html>