Re: [Mageia-dev] RM replacement

2011-08-07 Thread andre999

Luis Daniel Lucio Quiroz wrote:
> On Sunday 07 August 2011 23:03:15 Florian Hubold wrote:
>> On 07.08.2011 16:41, Pierre Jarillon wrote:
>>> On Friday 5 August 2011 16:23:19, Florian Hubold wrote:
>>>> On 05.08.2011 14:58, andre999 wrote:
>>>>> Colin Guthrie wrote:
>>>>>> I think srm should just be a tool people use explicitly when they
>>>>>> want to.
>>>>>
>>>>> When I think about it, deleting with a pattern instead of just zeros
>>>>> is probably only advantageous when a disk is being disposed of -- in
>>>>> which case srm being a userspace tool is not a disadvantage.
>>>>>
>>>>>> Col
>>>>
>>>> Well, if you want to dispose the disk, then I'd use something like
>>>> Darik's Boot and Nuke (DBAN):
>>>> http://www.dban.org/
>>>> It offers really secure methods of overwriting your data with varying
>>>> patterns, and if you want to dispose a whole disk, then maybe a
>>>> userspace tool to delete single files is not the best suited tool, IMHO.
>>>
>>> Do you know WIPE ? http://wipe.sourceforge.net/
>>> I don't know if it is the most secured rm, but it could be.
>>
>> Yes, and it has the advantage that you don't need to reboot. Good point!
>
> Yes, but more than the tool is how to replace rm command
>
> LD

I think it is useful to question WHY particular files should be securely 
deleted.

For disposing of a disk, something like DBAN would be an excellent tool.  (WIPE 
seems a little dated, since a lot of disk technology has changed since 2004.)


For individual files, if the particular file should really be securely disposed 
of, then maybe training the users disposing of such files to use srm could be a 
useful approach.  (There would likely be no point in securely deleting most files.)


Then there is always the option of an administrator using srm on items in the 
trash folders on a regular basis.  This could be done automatically by a shell 
script, if desired.


A utility that periodically sanitizes free space could be useful, as well.

Changes in the filesystem or the kernel seem the only reliable way to ensure 
consistently securely deleting all (or all of a defined subset of) files.


--
André


Re: [Mageia-dev] RM replacement

2011-08-07 Thread Luis Daniel Lucio Quiroz
On Sunday 07 August 2011 23:03:15 Florian Hubold wrote:
> On 07.08.2011 16:41, Pierre Jarillon wrote:
> > On Friday 5 August 2011 16:23:19, Florian Hubold wrote:
> >> On 05.08.2011 14:58, andre999 wrote:
> >>> Colin Guthrie wrote:
> >>>> I think srm should just be a tool people use explicitly when they
> >>>> want to.
> >>>
> >>> When I think about it, deleting with a pattern instead of just zeros
> >>> is probably only advantageous when a disk is being disposed of -- in
> >>> which case srm being a userspace tool is not a disadvantage.
> >>>
> >>>> Col
> >>
> >> Well, if you want to dispose the disk, then I'd use something like
> >> Darik's Boot and Nuke (DBAN):
> >> http://www.dban.org/
> >> It offers really secure methods of overwriting your data with varying
> >> patterns, and if you want to dispose a whole disk, then maybe a
> >> userspace tool to delete single files is not the best suited tool, IMHO.
> >
> > Do you know WIPE ? http://wipe.sourceforge.net/
> > I don't know if it is the most secured rm, but it could be.
>
> Yes, and it has the advantage that you don't need to reboot. Good point!

Yes, but more than the tool is how to replace rm command

LD


Re: [Mageia-dev] RM replacement

2011-08-07 Thread Florian Hubold

On 07.08.2011 16:41, Pierre Jarillon wrote:
> On Friday 5 August 2011 16:23:19, Florian Hubold wrote:
>> On 05.08.2011 14:58, andre999 wrote:
>>> Colin Guthrie wrote:
>>>> I think srm should just be a tool people use explicitly when they want
>>>> to.
>>>
>>> When I think about it, deleting with a pattern instead of just zeros is
>>> probably only advantageous when a disk is being disposed of -- in which
>>> case srm being a userspace tool is not a disadvantage.
>>>
>>>> Col
>>
>> Well, if you want to dispose the disk, then I'd use something like Darik's
>> Boot and Nuke (DBAN):
>> http://www.dban.org/
>> It offers really secure methods of overwriting your data with varying
>> patterns, and if you want to dispose a whole disk, then maybe a userspace
>> tool to delete single files is not the best suited tool, IMHO.
>
> Do you know WIPE ? http://wipe.sourceforge.net/
> I don't know if it is the most secured rm, but it could be.

Yes, and it has the advantage that you don't need to reboot. Good point!


Re: [Mageia-dev] RM replacement

2011-08-07 Thread Pierre Jarillon
On Friday 5 August 2011 16:23:19, Florian Hubold wrote:
> On 05.08.2011 14:58, andre999 wrote:
> > Colin Guthrie wrote:
> >> I think srm should just be a tool people use explicitly when they want
> >> to.
> >
> > When I think about it, deleting with a pattern instead of just zeros is
> > probably only advantageous when a disk is being disposed of -- in which
> > case srm being a userspace tool is not a disadvantage.
> >
> >> Col
>
> Well, if you want to dispose the disk, then I'd use something like Darik's
> Boot and Nuke (DBAN):
> http://www.dban.org/
> It offers really secure methods of overwriting your data with varying
> patterns, and if you want to dispose a whole disk, then maybe a userspace
> tool to delete single files is not the best suited tool, IMHO.

Do you know WIPE ? http://wipe.sourceforge.net/
I don't know if it is the most secured rm, but it could be.

-- 
Pierre Jarillon - http://pjarillon.free.fr/
Vice-president of ABUL: http://abul.org/
Microsoft is to computing what McDonald's is to gastronomy.


Re: [Mageia-dev] RM replacement

2011-08-05 Thread Luis Daniel Lucio Quiroz
On Friday 05 August 2011 08:58:12 andre999 wrote:
> Colin Guthrie wrote:
> > 'Twas brillig, and andre999 at 05/08/11 06:50 did gyre and gimble:
> >> Luis Daniel Lucio Quiroz wrote:
> >>> On Thursday 04 August 2011 18:39:35 andre999 wrote:
> >>>> Luis Daniel Lucio Quiroz wrote:
> >>>>> Hello,
> >>>>>
> >>>>> As my experience in security field, to make Mageia more
> >>>>> available in enterprise environments, and specially those that
> >>>>> are security paranoid, I'm planning to port SRM.  SRM is a
> >>>>> package that does a "secure" file deleting according some
> >>>>> security standards (I don't remember right now names, I guess
> >>>>> it is something in NIST, but that doesn't matter really).
> >>>>>
> >>>>> My question is, what should be the procedure that when you
> >>>>> install srm, then the normal rm command could be replaced?  I
> >>>>> was thinking in pushing an alias but what other alternatives do
> >>>>> I have?
> >>>>>
> >>>>> please comment,
> >>>>>
> >>>>> LD
> >>>>
> >>>> At first glance that sounds like a reasonable approach EXCEPT -- a
> >>>> system-level alias would be over-ridden by a user alias.
> >>>> A user could innocently have an alias such as :
> >>>> alias rm="rm -i"
> >>>>
> >>>> rm is in /bin
> >>>> - /bin/rm could be replaced with a link to srm, but I don't know
> >>>> if that would be considered acceptable.
> >>>> rm would have to be restored if srm were uninstalled
> >>>>
> >>>> - wouldn't a link in /usr/bin/rm be executed first ?
> >>>> Of course that doesn't cover execution with root privileges.
> >>>> An alias in root wouldn't necessarily work, as an admin could
> >>>> inadvertently replace it with another.  (By loading a new file
> >>>> with some changed alias, for example.)
> >>>> But probably less likely than some user doing the same on their
> >>>> profile.
> >>>>
> >>>> There could be other approaches as well ... :)
> >>>
> >>> You are right! :)
> >>>
> >>> Well another option could be this:
> >>>
> >>> a. we change coreutils to install /bin/rm as /bin/rm.vanilla (or
> >>> other name, that really doesn't matter),
> >>> b. I change srm to install itself in /bin instead of /usr/bin
> >>> c. we place alternatives in both packages to provide /bin/rm, giving
> >>> preference to srm if installed, otherwise it will use rm of
> >>> coreutils
> >>>
> >>> LD
> >>
> >> That would probably be the ideal approach.  But it might take a while
> >> to get the changes accepted in coreutils.
> >>
> >> Maybe it could be all done from srm ?
> >> On srm install,
> >> a. rename /bin/rm to /bin/rm.vanilla (or rm.original or ?)
> >> b. create /bin/rm link to /bin/srm
> >
> > Definitely not. It's against the commandments: Thou shalt not mess with
> > another package's files.
>
> ok.  I suspected that.
> It would be nice to have a list of these points for newer packagers.
>
> >> On srm uninstall, we ensure that
> >> a. rm /bin/rm link
> >> b. rename /bin/rm.vanilla to /bin/rm
> >>
> >> Hopefully that could be done reliably, with an uninstall script.
> >
> > No, this is very bad.
> >
> > It's what the alternatives system was designed to do for you, but I
> > really don't think that something as fundamental as rm should be messed
> > with in this way as I mentioned in my own email.
> >
> > srm is an add on userspace tool. To implement secure deletes properly,
> > you would want support at a lower level (i.e. in the kernel/fs).
>
> makes sense.
>
> > I think srm should just be a tool people use explicitly when they want
> > to.
>
> When I think about it, deleting with a pattern instead of just zeros is
> probably only advantageous when a disk is being disposed of -- in which case
> srm being a userspace tool is not a disadvantage.
>
> > Col

Good point


Re: [Mageia-dev] RM replacement

2011-08-05 Thread Florian Hubold

On 05.08.2011 14:58, andre999 wrote:
> Colin Guthrie wrote:
>> I think srm should just be a tool people use explicitly when they want to.
>
> When I think about it, deleting with a pattern instead of just zeros is
> probably only advantageous when a disk is being disposed of -- in which case
> srm being a userspace tool is not a disadvantage.
>
>> Col

Well, if you want to dispose the disk, then I'd use something like Darik's Boot 
and Nuke (DBAN):
http://www.dban.org/
It offers really secure methods of overwriting your data with varying patterns,
and if you want to dispose a whole disk, then maybe a userspace tool to delete 
single files is not the best suited tool, IMHO.


Re: [Mageia-dev] RM replacement

2011-08-05 Thread andre999

Colin Guthrie wrote:
> 'Twas brillig, and andre999 at 05/08/11 06:50 did gyre and gimble:
>> Luis Daniel Lucio Quiroz wrote:
>>> On Thursday 04 August 2011 18:39:35 andre999 wrote:
>>>> Luis Daniel Lucio Quiroz wrote:
>>>>> Hello,
>>>>>
>>>>> As my experience in security field, to make Mageia more available in
>>>>> enterprise environments, and specially those that are security
>>>>> paranoid, I'm planning to port SRM.  SRM is a package that does a
>>>>> "secure" file deleting according some security standards (I don't
>>>>> remember right now names, I guess it is something in NIST, but that
>>>>> doesn't matter really).
>>>>>
>>>>> My question is, what should be the procedure that when you install srm,
>>>>> then the normal rm command could be replaced?  I was thinking in
>>>>> pushing an alias but what other alternatives do I have?
>>>>>
>>>>> please comment,
>>>>>
>>>>> LD
>>>>
>>>> At first glance that sounds like a reasonable approach EXCEPT -- a
>>>> system-level alias would be over-ridden by a user alias.
>>>> A user could innocently have an alias such as :
>>>> alias rm="rm -i"
>>>>
>>>> rm is in /bin
>>>> - /bin/rm could be replaced with a link to srm, but I don't know if that
>>>> would be considered acceptable.
>>>> rm would have to be restored if srm were uninstalled
>>>>
>>>> - wouldn't a link in /usr/bin/rm be executed first ?
>>>> Of course that doesn't cover execution with root privileges.
>>>> An alias in root wouldn't necessarily work, as an admin could
>>>> inadvertently replace it with another.  (By loading a new file with
>>>> some changed alias, for example.)
>>>> But probably less likely than some user doing the same on their profile.
>>>>
>>>> There could be other approaches as well ... :)
>>>
>>> You are right! :)
>>>
>>> Well another option could be this:
>>>
>>> a. we change coreutils to install /bin/rm as /bin/rm.vanilla (or
>>> other name, that really doesn't matter),
>>> b. I change srm to install itself in /bin instead of /usr/bin
>>> c. we place alternatives in both packages to provide /bin/rm, giving
>>> preference to srm if installed, otherwise it will use rm of coreutils
>>>
>>> LD
>>
>> That would probably be the ideal approach.  But it might take a while to
>> get the changes accepted in coreutils.
>>
>> Maybe it could be all done from srm ?
>> On srm install,
>> a. rename /bin/rm to /bin/rm.vanilla (or rm.original or ?)
>> b. create /bin/rm link to /bin/srm
>
> Definitely not. It's against the commandments: Thou shalt not mess with
> another package's files.

ok.  I suspected that.
It would be nice to have a list of these points for newer packagers.

>> On srm uninstall, we ensure that
>> a. rm /bin/rm link
>> b. rename /bin/rm.vanilla to /bin/rm
>>
>> Hopefully that could be done reliably, with an uninstall script.
>
> No, this is very bad.
>
> It's what the alternatives system was designed to do for you, but I
> really don't think that something as fundamental as rm should be messed
> with in this way as I mentioned in my own email.
>
> srm is an add on userspace tool. To implement secure deletes properly,
> you would want support at a lower level (i.e. in the kernel/fs).

makes sense.

> I think srm should just be a tool people use explicitly when they want to.

When I think about it, deleting with a pattern instead of just zeros is 
probably only advantageous when a disk is being disposed of -- in which case 
srm being a userspace tool is not a disadvantage.

> Col



--
André


Re: [Mageia-dev] RM replacement

2011-08-05 Thread Thomas Backlund

Buchan Milne wrote on 5.8.2011 13:42:
> On Friday, 5 August 2011 12:14:14 Colin Guthrie wrote:
>> Otherwise users may be duped into a false sense of security by
>> installing the "secure deletes" package and then delete files through
>> Nautilus or Konq under the false impression they are securely deleted.
>
> Or from another Mageia host with a stock rm over NFS or similar, or from a
> non-Mageia client via Samba, sftp or fish etc., DAV or any of the
> non-commandline ways of deleting a file.

And another problem with "secure erase" both on tool and filesystem 
level...

It won't work on SSDs due to their firmware implemented wear leveling ...

really think srm should stay as parallel installable with original rm 
intact.

--
Thomas



Re: [Mageia-dev] RM replacement

2011-08-05 Thread Buchan Milne
On Friday, 5 August 2011 12:14:14 Colin Guthrie wrote:

> Otherwise users may be duped into a false sense of security by
> installing the "secure deletes" package and then delete files through
> Nautilus or Konq under the false impression they are securely deleted.

Or from another Mageia host with a stock rm over NFS or similar, or from a 
non-Mageia client via Samba, sftp or fish etc., DAV or any of the non-
commandline ways of deleting a file.

Regards,
Buchan


Re: [Mageia-dev] RM replacement

2011-08-05 Thread Sander Lepik

05.08.2011 13:17, Colin Guthrie wrote:
> I think srm should just be a tool people use explicitly when they want to.
>
> Col

+1

--
Sander




Re: [Mageia-dev] RM replacement

2011-08-05 Thread Colin Guthrie
'Twas brillig, and andre999 at 05/08/11 06:50 did gyre and gimble:
> Luis Daniel Lucio Quiroz wrote:
>> On Thursday 04 August 2011 18:39:35 andre999 wrote:
>>> Luis Daniel Lucio Quiroz wrote:
>>>> Hello,
>>>>
>>>> As my experience in security field, to make Mageia more available in
>>>> enterprise environments, and specially those that are security
>>>> paranoid, I'm planning to port SRM.  SRM is a package that does a
>>>> "secure" file deleting according some security standards (I don't
>>>> remember right now names, I guess it is something in NIST, but that
>>>> doesn't matter really).
>>>>
>>>> My question is, what should be the procedure that when you install srm,
>>>> then the normal rm command could be replaced?  I was thinking in
>>>> pushing an alias but what other alternatives do I have?
>>>>
>>>> please comment,
>>>>
>>>> LD
>>>
>>> At first glance that sounds like a reasonable approach EXCEPT -- a
>>> system-level alias would be over-ridden by a user alias.
>>> A user could innocently have an alias such as :
>>> alias rm="rm -i"
>>>
>>> rm is in /bin
>>> - /bin/rm could be replaced with a link to srm, but I don't know if that
>>> would be considered acceptable.
>>> rm would have to be restored if srm were uninstalled
>>>
>>> - wouldn't a link in /usr/bin/rm be executed first ?
>>> Of course that doesn't cover execution with root privileges.
>>> An alias in root wouldn't necessarily work, as an admin could
>>> inadvertently replace it with another.  (By loading a new file with
>>> some changed alias, for example.)
>>> But probably less likely than some user doing the same on their profile.
>>>
>>> There could be other approaches as well ... :)
>>
>> You are right! :)
>>
>> Well another option could be this:
>>
>> a. we change coreutils to install /bin/rm as /bin/rm.vanilla (or
>> other name, that really doesn't matter),
>> b. I change srm to install itself in /bin instead of /usr/bin
>> c. we place alternatives in both packages to provide /bin/rm, giving
>> preference to srm if installed, otherwise it will use rm of coreutils
>>
>> LD
>
> That would probably be the ideal approach.  But it might take a while to
> get the changes accepted in coreutils.
>
> Maybe it could be all done from srm ?
> On srm install,
> a. rename /bin/rm to /bin/rm.vanilla (or rm.original or ?)
> b. create /bin/rm link to /bin/srm

Definitely not. It's against the commandments: Thou shalt not mess with
another package's files.

> On srm uninstall, we ensure that
> a. rm /bin/rm link
> b. rename /bin/rm.vanilla to /bin/rm
>
> Hopefully that could be done reliably, with an uninstall script.

No, this is very bad.

It's what the alternatives system was designed to do for you, but I
really don't think that something as fundamental as rm should be messed
with in this way as I mentioned in my own email.

srm is an add on userspace tool. To implement secure deletes properly,
you would want support at a lower level (i.e. in the kernel/fs).

I think srm should just be a tool people use explicitly when they want to.

Col



-- 

Colin Guthrie
mageia(at)colin.guthr.ie
http://colin.guthr.ie/

Day Job:
  Tribalogic Limited [http://www.tribalogic.net/]
Open Source:
  Mageia Contributor [http://www.mageia.org/]
  PulseAudio Hacker [http://www.pulseaudio.org/]
  Trac Hacker [http://trac.edgewall.org/]


Re: [Mageia-dev] RM replacement

2011-08-05 Thread Colin Guthrie
'Twas brillig, and Luis Daniel Lucio Quiroz at 05/08/11 02:16 did gyre
and gimble:
> On Friday 05 August 2011 02:03:22 nicolas vigier wrote:
>> On Fri, 05 Aug 2011, Colin Guthrie wrote:
>>> 'Twas brillig, and Luis Daniel Lucio Quiroz at 04/08/11 21:26 did gyre
>>> and gimble:
>>>> Hello,
>>>>
>>>> As my experience in security field, to make Mageia more available in
>>>> enterprise environments, and specially those that are security
>>>> paranoid, I'm planning to port SRM.  SRM is a package that does a
>>>> "secure" file deleting according some security standards (I don't
>>>> remember right now names, I guess it is something in NIST, but that
>>>> doesn't matter really).
>>>>
>>>> My question is, what should be the procedure that when you install
>>>> srm, then the normal rm command could be replaced?  I was thinking
>>>> in pushing an alias but what other alternatives do I have?
>>>
>>> Well you could theoretically use alternatives, but I would suspect that
>>> such a fundamental tool as rm would probably be very dangerous to
>>> package in that way (the alternatives scripts themselves may use rm!)
>>>
>>> So I think an alias would be best, but it'll only cover users/scripts
>>> calling rm and not general unlinking... It likely won't cover GUIs and
>>> other deletion methods. With that in mind, is it worth aliasing rm at all
>>> seeing as it'll only catch a subset of "delete" operations? You wouldn't
>>> want to give a false sense of security after all...
>>
>> Yes, this would be better done on filesystem/kernel. Like this :
>> http://thread.gmane.org/gmane.comp.file-systems.ext4/26548
>
> I got your point, however I remember that SRM uses some specific algorithms
> that are recommended in NIST, that's why I remember we chose SRM and we void
> zero filling techniques.

Even still, Nicolas's point remains that this system (even if it uses
special algorithms rather than just zero'ing) would be better
implemented somewhere lower rather than in a single userspace tool.

I'm not saying the userspace tool is not useful in the event that the
underlying system does not have the capabilities, but using an alias or
otherwise making the standard rm command == srm, is IMO just a token
gesture and does not really address wider security concerns.

IMO it would be better to just provide the tool and let people who
specifically want secure delete use it manually when needed.

Otherwise users may be duped into a false sense of security by
installing the "secure deletes" package and then delete files through
Nautilus or Konq under the false impression they are securely deleted.

That's just my thoughts on it tho'. :)

Col

-- 

Colin Guthrie
mageia(at)colin.guthr.ie
http://colin.guthr.ie/

Day Job:
  Tribalogic Limited [http://www.tribalogic.net/]
Open Source:
  Mageia Contributor [http://www.mageia.org/]
  PulseAudio Hacker [http://www.pulseaudio.org/]
  Trac Hacker [http://trac.edgewall.org/]


Re: [Mageia-dev] RM replacement

2011-08-04 Thread andre999

Luis Daniel Lucio Quiroz wrote:
> On Thursday 04 August 2011 18:39:35 andre999 wrote:
>> Luis Daniel Lucio Quiroz wrote:
>>> Hello,
>>>
>>> As my experience in security field, to make Mageia more available in
>>> enterprise environments, and specially those that are security
>>> paranoid, I'm planning to port SRM.  SRM is a package that does a
>>> "secure" file deleting according some security standards (I don't
>>> remember right now names, I guess it is something in NIST, but that
>>> doesn't matter really).
>>>
>>> My question is, what should be the procedure that when you install srm,
>>> then the normal rm command could be replaced?  I was thinking in
>>> pushing an alias but what other alternatives do I have?
>>>
>>> please comment,
>>>
>>> LD
>>
>> At first glance that sounds like a reasonable approach EXCEPT -- a
>> system-level alias would be over-ridden by a user alias.
>> A user could innocently have an alias such as :
>> alias rm="rm -i"
>>
>> rm is in /bin
>> - /bin/rm could be replaced with a link to srm, but I don't know if that
>> would be considered acceptable.
>> rm would have to be restored if srm were uninstalled
>>
>> - wouldn't a link in /usr/bin/rm be executed first ?
>> Of course that doesn't cover execution with root privileges.
>> An alias in root wouldn't necessarily work, as an admin could inadvertently
>> replace it with another.  (By loading a new file with some changed alias,
>> for example.)
>> But probably less likely than some user doing the same on their profile.
>>
>> There could be other approaches as well ... :)
>
> You are right! :)
>
> Well another option could be this:
>
> a. we change coreutils to install /bin/rm as /bin/rm.vanilla (or other name,
> that really doesn't matter),
> b. I change srm to install itself in /bin instead of /usr/bin
> c. we place alternatives in both packages to provide /bin/rm, giving
> preference to srm if installed, otherwise it will use rm of coreutils
>
> LD

That would probably be the ideal approach.  But it might take a while to get 
the changes accepted in coreutils.

Maybe it could be all done from srm ?
On srm install,
a. rename /bin/rm to /bin/rm.vanilla (or rm.original or ?)
b. create /bin/rm link to /bin/srm

On srm uninstall, we ensure that
a. rm /bin/rm link
b. rename /bin/rm.vanilla to /bin/rm

Hopefully that could be done reliably, with an uninstall script.

--
André


Re: [Mageia-dev] RM replacement

2011-08-04 Thread Luis Daniel Lucio Quiroz
On Friday 05 August 2011 02:03:22 nicolas vigier wrote:
> On Fri, 05 Aug 2011, Colin Guthrie wrote:
> > 'Twas brillig, and Luis Daniel Lucio Quiroz at 04/08/11 21:26 did gyre
> > and gimble:
> > > Hello,
> > >
> > > As my experience in security field, to make Mageia more available in
> > > enterprise environments, and specially those that are security
> > > paranoid, I'm planning to port SRM.  SRM is a package that does a
> > > "secure" file deleting according some security standards (I don't
> > > remember right now names, I guess it is something in NIST, but that
> > > doesn't matter really).
> > >
> > > My question is, what should be the procedure that when you install
> > > srm, then the normal rm command could be replaced?  I was thinking
> > > in pushing an alias but what other alternatives do I have?
> >
> > Well you could theoretically use alternatives, but I would suspect that
> > such a fundamental tool as rm would probably be very dangerous to
> > package in that way (the alternatives scripts themselves may use rm!)
> >
> > So I think an alias would be best, but it'll only cover users/scripts
> > calling rm and not general unlinking... It likely won't cover GUIs and
> > other deletion methods. With that in mind, is it worth aliasing rm at all
> > seeing as it'll only catch a subset of "delete" operations? You wouldn't
> > want to give a false sense of security after all...
>
> Yes, this would be better done on filesystem/kernel. Like this :
> http://thread.gmane.org/gmane.comp.file-systems.ext4/26548

I got your point, however I remember that SRM uses some specific algorithms 
that are recommended in NIST, that's why I remember we chose SRM and we void 
zero filling techniques.

LD


Re: [Mageia-dev] RM replacement

2011-08-04 Thread nicolas vigier
On Fri, 05 Aug 2011, Colin Guthrie wrote:

> 'Twas brillig, and Luis Daniel Lucio Quiroz at 04/08/11 21:26 did gyre
> and gimble:
> > Hello,
> >
> > As my experience in security field, to make Mageia more available in
> > enterprise environments, and specially those that are security paranoid,
> > I'm planning to port SRM.  SRM is a package that does a "secure" file
> > deleting according some security standards (I don't remember right now
> > names, I guess it is something in NIST, but that doesn't matter really).
> >
> > My question is, what should be the procedure that when you install srm,
> > then the normal rm command could be replaced?  I was thinking in pushing
> > an alias but what other alternatives do I have?
>
> Well you could theoretically use alternatives, but I would suspect that
> such a fundamental tool as rm would probably be very dangerous to
> package in that way (the alternatives scripts themselves may use rm!)
>
> So I think an alias would be best, but it'll only cover users/scripts
> calling rm and not general unlinking... It likely won't cover GUIs and
> other deletion methods. With that in mind, is it worth aliasing rm at all
> seeing as it'll only catch a subset of "delete" operations? You wouldn't
> want to give a false sense of security after all...

Yes, this would be better done on filesystem/kernel. Like this :
http://thread.gmane.org/gmane.comp.file-systems.ext4/26548



Re: [Mageia-dev] RM replacement

2011-08-04 Thread Luis Daniel Lucio Quiroz
On Thursday 04 August 2011 18:39:35 andre999 wrote:
> Luis Daniel Lucio Quiroz wrote:
> > Hello,
> >
> > As my experience in security field, to make Mageia more available in
> > enterprise environments, and specially those that are security
> > paranoid, I'm planning to port SRM.  SRM is a package that does a
> > "secure" file deleting according some security standards (I don't
> > remember right now names, I guess it is something in NIST, but that
> > doesn't matter really).
> >
> > My question is, what should be the procedure that when you install srm,
> > then the normal rm command could be replaced?  I was thinking in
> > pushing an alias but what other alternatives do I have?
> >
> > please comment,
> >
> > LD
>
> At first glance that sounds like a reasonable approach EXCEPT -- a
> system-level alias would be over-ridden by a user alias.
> A user could innocently have an alias such as :
> alias rm="rm -i"
>
> rm is in /bin
> - /bin/rm could be replaced with a link to srm, but I don't know if that
> would be considered acceptable.
> rm would have to be restored if srm were uninstalled
>
> - wouldn't a link in /usr/bin/rm be executed first ?
> Of course that doesn't cover execution with root privileges.
> An alias in root wouldn't necessarily work, as an admin could inadvertently
> replace it with another.  (By loading a new file with some changed alias,
> for example.)
> But probably less likely than some user doing the same on their profile.
>
> There could be other approaches as well ... :)

You are right! :)

Well another option could be this:

a. we change coreutils to install /bin/rm as /bin/rm.vanilla (or other name, 
that really doesn't matter),
b. I change srm to install itself in /bin instead of /usr/bin
c. we place alternatives in both packages to provide /bin/rm, giving 
preference to srm if installed, otherwise it will use rm of coreutils

LD


Re: [Mageia-dev] RM replacement

2011-08-04 Thread andre999

Luis Daniel Lucio Quiroz wrote:
> Hello,
>
> As my experience in security field, to make Mageia more available in enterprise
> environments, and specially those that are security paranoid, I'm planning to
> port SRM.  SRM is a package that does a "secure" file deleting according some
> security standards (I don't remember right now names, I guess it is something
> in NIST, but that doesn't matter really).
>
> My question is, what should be the procedure that when you install srm, then
> the normal rm command could be replaced?  I was thinking in pushing an alias
> but what other alternatives do I have?
>
> please comment,
>
> LD

At first glance that sounds like a reasonable approach EXCEPT -- a system-level 
alias would be over-ridden by a user alias.
A user could innocently have an alias such as :
alias rm="rm -i"

rm is in /bin
- /bin/rm could be replaced with a link to srm, but I don't know if that would 
be considered acceptable.
rm would have to be restored if srm were uninstalled

- wouldn't a link in /usr/bin/rm be executed first ?
Of course that doesn't cover execution with root privileges.
An alias in root wouldn't necessarily work, as an admin could inadvertently 
replace it with another.  (By loading a new file with some changed alias, for 
example.)
But probably less likely than some user doing the same on their profile.

There could be other approaches as well ... :)

--
André


Re: [Mageia-dev] RM replacement

2011-08-04 Thread Colin Guthrie
'Twas brillig, and Luis Daniel Lucio Quiroz at 04/08/11 21:26 did gyre
and gimble:
> Hello,
>
> As my experience in security field, to make Mageia more available in
> enterprise environments, and specially those that are security paranoid,
> I'm planning to port SRM.  SRM is a package that does a "secure" file
> deleting according some security standards (I don't remember right now
> names, I guess it is something in NIST, but that doesn't matter really).
>
> My question is, what should be the procedure that when you install srm, then
> the normal rm command could be replaced?  I was thinking in pushing an alias
> but what other alternatives do I have?

Well you could theoretically use alternatives, but I would suspect that
such a fundamental tool as rm would probably be very dangerous to
package in that way (the alternatives scripts themselves may use rm!)

So I think an alias would be best, but it'll only cover users/scripts
calling rm and not general unlinking... It likely won't cover GUIs and
other deletion methods. With that in mind, is it worth aliasing rm at all
seeing as it'll only catch a subset of "delete" operations? You wouldn't
want to give a false sense of security after all...

Col


-- 

Colin Guthrie
mageia(at)colin.guthr.ie
http://colin.guthr.ie/

Day Job:
  Tribalogic Limited [http://www.tribalogic.net/]
Open Source:
  Mageia Contributor [http://www.mageia.org/]
  PulseAudio Hacker [http://www.pulseaudio.org/]
  Trac Hacker [http://trac.edgewall.org/]
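
The coverage gap raised in the message above, as an added example that is not part of the original thread: a logging wrapper named rm placed first in PATH stands in for srm, and the script counts how many of three deletions it actually sees. The wrapper, the function name rm_wrapper_coverage and all file names are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the thread). A PATH-shadowing "rm" wrapper is a
# stand-in for srm: it only logs the call and then runs the real rm.
# Three files are deleted three different ways; only lookups of "rm" by
# name pass through the wrapper.

# Prints "<deletions seen by wrapper>/<files actually deleted>".
rm_wrapper_coverage() {
    real_rm=$(command -v rm) || return 1   # real rm, resolved before shadowing
    work=$(mktemp -d) || return 1          # constructed scratch directory
    mkdir "$work/bin" "$work/data"
    log="$work/wrapper.log"
    : > "$log"

    # Hypothetical wrapper: record each invocation, then delegate.
    cat > "$work/bin/rm" <<EOF
#!/bin/sh
echo "wrapper: \$*" >> "$log"
exec "$real_rm" "\$@"
EOF
    chmod +x "$work/bin/rm"

    # Constructed sample files, one per deletion path.
    for f in via_path via_abs via_find; do
        echo "sensitive" > "$work/data/$f"
    done

    (
        PATH="$work/bin:$PATH"
        export PATH
        hash -r 2>/dev/null
        rm "$work/data/via_path"                  # name lookup: wrapper runs
        "$real_rm" "$work/data/via_abs"           # absolute path: wrapper skipped
        find "$work/data" -name via_find -delete  # direct unlink: wrapper skipped
    )

    seen=$(wc -l < "$log" | tr -d ' ')
    remaining=$(find "$work/data" -type f | wc -l | tr -d ' ')
    deleted=$((3 - remaining))
    "$real_rm" -rf "$work"
    echo "$seen/$deleted"
}

echo "wrapper saw/deleted: $(rm_wrapper_coverage)"
```

All three files are gone afterwards, but only one deletion went through the wrapper; file managers, NFS or Samba clients and any program calling unlink() directly behave like the last two cases.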


[Mageia-dev] RM replacement

2011-08-04 Thread Luis Daniel Lucio Quiroz
Hello,

As my experience in security field, to make Mageia more available in enterprise 
environments, and specially those that are security paranoid, I'm planning to 
port SRM.  SRM is a package that does a "secure" file deleting according some 
security standards (I don't remember right now names, I guess it is something 
in NIST, but that doesn't matter really).

My question is, what should be the procedure that when you install srm, then 
the normal rm command could be replaced?  I was thinking in pushing an alias 
but what other alternatives do I have?

please comment,

LD