[Mageia-dev] RM replacement

[andre999]

Luis Daniel Lucio Quiroz a écrit :
> Helo,
>
> As my experience in security field, to make Mageia more available in enterprise
> environments, and specially those that are security paranoid, i'm planning to
> port SRM.  SRM is a package that does a "secure" file deleting according some
> security standards (i dont remember right now names, i guess it is something
> in NIST, but that doesnt matter really).
>
> My question is, what should be the procedure that when you install srm, then
> the normal rm command could be replaced?  i was thinking in pushing an alias
> but what other alternatives do i have?
>
> please comment,
>
> LD

At first glance that sounds like a reasonable approach EXCEPT -- a system-level 
alias would be over-ridden by a user alias.
A user could innocently have an alias such as :
alias rm="rm -i"

rm is in /bin
- /bin/rm could be replaced with a link to srm, but I don't know if that would 
be considered acceptable.
rm would have to be restored if srm were uninstalled

- wouldn't a link in /usr/bin/rm be executed first ?
Of course that doesn't cover execution with root privileges.
An alias in root wouldn't necessarily work, as an admin could inadvertantly 
replace it with another.  (By loading a new file with some changed alias, for 
example.)
But probably less likely than some user doing the same on their profile.

There could be other approaches as well ... :)

-- 
André