1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
|
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<HTML>
<HEAD>
<TITLE> [Mageia-dev] RM replacement
</TITLE>
<LINK REL="Index" HREF="index.html" >
<LINK REL="made" HREF="mailto:mageia-dev%40mageia.org?Subject=Re%3A%20%5BMageia-dev%5D%20RM%20replacement&In-Reply-To=%3C2371759.3jfUkQGYKd%40elmo.okay.com.mx%3E">
<META NAME="robots" CONTENT="index,nofollow">
<META http-equiv="Content-Type" content="text/html; charset=us-ascii">
<LINK REL="Previous" HREF="007287.html">
<LINK REL="Next" HREF="007232.html">
</HEAD>
<BODY BGCOLOR="#ffffff">
<H1>[Mageia-dev] RM replacement</H1>
<B>Luis Daniel Lucio Quiroz</B>
<A HREF="mailto:mageia-dev%40mageia.org?Subject=Re%3A%20%5BMageia-dev%5D%20RM%20replacement&In-Reply-To=%3C2371759.3jfUkQGYKd%40elmo.okay.com.mx%3E"
TITLE="[Mageia-dev] RM replacement">dlucio at okay.com.mx
</A><BR>
<I>Fri Aug 5 18:00:02 CEST 2011</I>
<P><UL>
<LI>Previous message: <A HREF="007287.html">[Mageia-dev] RM replacement
</A></li>
<LI>Next message: <A HREF="007232.html">[Mageia-dev] RM replacement
</A></li>
<LI> <B>Messages sorted by:</B>
<a href="date.html#7254">[ date ]</a>
<a href="thread.html#7254">[ thread ]</a>
<a href="subject.html#7254">[ subject ]</a>
<a href="author.html#7254">[ author ]</a>
</LI>
</UL>
<HR>
<!--beginarticle-->
<PRE>Le Vendredi 05 Août 2011 08:58:12 andre999 a écrit :
><i> Colin Guthrie a écrit :
</I>><i> > 'Twas brillig, and andre999 at 05/08/11 06:50 did gyre and gimble:
</I>><i> >> Luis Daniel Lucio Quiroz a écrit :
</I>><i> >>> Le Jeudi 04 Août 2011 18:39:35 andre999 a écrit :
</I>><i> >>>> Luis Daniel Lucio Quiroz a écrit :
</I>><i> >>>>> Helo,
</I>><i> >>>>>
</I>><i> >>>>> As my experience in security field, to make Mageia more
</I>><i> >>>>> available in
</I>><i> >>>>> enterprise environments, and specially those that are security
</I>><i> >>>>> paranoid, i'm planning to port SRM. SRM is a package that does
</I>><i> >>>>> a
</I>><i> >>>>> "secure" file deleting according some security standards (i dont
</I>><i> >>>>> remember right now names, i guess it is something in NIST, but
</I>><i> >>>>> that
</I>><i> >>>>> doesnt matter really).
</I>><i> >>>>>
</I>><i> >>>>> My question is, what should be the procedure that when you
</I>><i> >>>>> install srm, then the normal rm command could be replaced? i
</I>><i> >>>>> was thinking in pushing an alias but what other alternatives do
</I>><i> >>>>> i have?
</I>><i> >>>>>
</I>><i> >>>>> please comment,
</I>><i> >>>>>
</I>><i> >>>>> LD
</I>><i> >>>>
</I>><i> >>>> At first glance that sounds like a reasonable approach EXCEPT -- a
</I>><i> >>>> system-level alias would be over-ridden by a user alias.
</I>><i> >>>> A user could innocently have an alias such as :
</I>><i> >>>> alias rm="rm -i"
</I>><i> >>>>
</I>><i> >>>> rm is in /bin
</I>><i> >>>> - /bin/rm could be replaced with a link to srm, but I don't know
</I>><i> >>>> if that would be considered acceptable.
</I>><i> >>>> rm would have to be restored if srm were uninstalled
</I>><i> >>>>
</I>><i> >>>> - wouldn't a link in /usr/bin/rm be executed first ?
</I>><i> >>>> Of course that doesn't cover execution with root privileges.
</I>><i> >>>> An alias in root wouldn't necessarily work, as an admin could
</I>><i> >>>> inadvertantly
</I>><i> >>>> replace it with another. (By loading a new file with some changed
</I>><i> >>>> alias,
</I>><i> >>>> for example.)
</I>><i> >>>> But probably less likely than some user doing the same on their
</I>><i> >>>> profile.
</I>><i> >>>>
</I>><i> >>>> There could be other approaches as well ... :)
</I>><i> >>>
</I>><i> >>> You are right! :)
</I>><i> >>>
</I>><i> >>> Well another option could be this:
</I>><i> >>>
</I>><i> >>> a. we change coreutils to install /bin/rm as /bin/rm.vanilla (or
</I>><i> >>> other name,
</I>><i> >>> that really doesnt matter),
</I>><i> >>> b. i change srm to install itself in /bin instead of /usr/bin
</I>><i> >>> c. we place alternatives in both packages to provide /bin/rm, giving
</I>><i> >>> preference to srm if installed, otherwise it will use rm of
</I>><i> >>> coreutils
</I>><i> >>>
</I>><i> >>> LD
</I>><i> >>
</I>><i> >> That would probably be the ideal approach. But it might take a while
</I>><i> >> to
</I>><i> >> get the changes accepted in coreutils.
</I>><i> >>
</I>><i> >> Maybe it could be all done from srm ?
</I>><i> >> On srm install,
</I>><i> >> a. rename /bin/rm to /bin/rm.vanilla (or rm.original or ?)
</I>><i> >> b. create /bin/rm link to /bin/srm
</I>><i> >
</I>><i> > Definitely not. It's against the commandments: Thou shalt not mess with
</I>><i> > another packages' files.
</I>><i>
</I>><i> ok. I suspected that.
</I>><i> It would be nice to have a list of these points for newer packagers.
</I>><i>
</I>><i> >> On srm uninstall, we ensure that
</I>><i> >> a. rm /bin/rm link
</I>><i> >> b. rename /bin/rm.vanilla to /bin/rm
</I>><i> >>
</I>><i> >> Hopefully that could be done reliably, with an uninstall script.
</I>><i> >
</I>><i> > No, this is very bad.
</I>><i> >
</I>><i> > It's what the alternatives system was designed to do for you, but I
</I>><i> > really don't think that something as fundamental as rm should be messed
</I>><i> > with in this way as I mentioned in my own email.
</I>><i> >
</I>><i> > srm is an add on userspace tool. To implement secure deletes properly,
</I>><i> > you would want support at a lower level (i.e in the kernel/fs).
</I>><i>
</I>><i> makes sense.
</I>><i>
</I>><i> > I think srm should just be a tool people use explicitly when they want
</I>><i> > to.
</I>><i> When I think about it, deleting with a pattern instead of just zeros is
</I>><i> probably only advantageous when a disk is being disposed of -- in which case
</I>><i> srm being a userspace tool is not a disadvantage.
</I>><i>
</I>><i> > Col
</I>Good point
</PRE>
<!--endarticle-->
<HR>
<P><UL>
<!--threads-->
<LI>Previous message: <A HREF="007287.html">[Mageia-dev] RM replacement
</A></li>
<LI>Next message: <A HREF="007232.html">[Mageia-dev] RM replacement
</A></li>
<LI> <B>Messages sorted by:</B>
<a href="date.html#7254">[ date ]</a>
<a href="thread.html#7254">[ thread ]</a>
<a href="subject.html#7254">[ subject ]</a>
<a href="author.html#7254">[ author ]</a>
</LI>
</UL>
<hr>
<a href="https://www.mageia.org/mailman/listinfo/mageia-dev">More information about the Mageia-dev
mailing list</a><br>
</body></html>
|
