[Mageia-dev] RM replacement

Luis Daniel Lucio Quiroz dlucio at okay.com.mx
Fri Aug 5 01:36:13 CEST 2011


On Thursday 04 August 2011 18:39:35 andre999 wrote:
> Luis Daniel Lucio Quiroz wrote:
> > Hello,
> > 
> > From my experience in the security field, to make Mageia more available
> > in enterprise environments, and especially those that are security
> > paranoid, I'm planning to port SRM.  SRM is a package that does
> > "secure" file deletion according to some security standards (I don't
> > remember the names right now, I guess it is something in NIST, but that
> > doesn't really matter).
> > 
> > My question is, what should the procedure be so that when you install
> > srm, the normal rm command is replaced?  I was thinking of pushing an
> > alias, but what other alternatives do I have?
> > 
> > Please comment,
> > 
> > LD
> 
> At first glance that sounds like a reasonable approach EXCEPT -- a
> system-level alias would be overridden by a user alias.
> A user could innocently have an alias such as :
> alias rm="rm -i"
> 
> rm is in /bin
> - /bin/rm could be replaced with a link to srm, but I don't know if that
> would be considered acceptable.
> rm would have to be restored if srm were uninstalled
> 
> - wouldn't a link in /usr/bin/rm be executed first?
> Of course that doesn't cover execution with root privileges.
> An alias in root wouldn't necessarily work, as an admin could inadvertently
> replace it with another.  (By loading a new file with some changed alias,
> for example.)
> But probably less likely than some user doing the same on their profile.
> 
> There could be other approaches as well ... :)

You are right! :)

Well, another option could be this:

a. we change coreutils to install /bin/rm as /bin/rm.vanilla (or another name, 
that really doesn't matter),
b. I change srm to install itself in /bin instead of /usr/bin
c. we place alternatives in both packages to provide /bin/rm, giving 
preference to srm if installed, otherwise it will use the rm of coreutils

LD
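
The alternatives layout from steps a to c, together with the /usr/bin link andre999 asks about, modelled in a throwaway directory as an added example that is not part of the original message. The stand-in scripts, the sandbox paths and the function names (make_sandbox, set_alternative, resolve_cmd) are assumptions made for the illustration; the real update-alternatives tool is not invoked.

```sh
#!/bin/sh
# Added example: sandbox model of the layouts discussed in this thread.
# Everything lives under a temp directory; rm.vanilla and srm are
# constructed stand-in scripts, not the real binaries.

make_sandbox() {
    sb=$(mktemp -d) || return 1
    mkdir -p "$sb/bin" "$sb/usr/bin" "$sb/etc/alternatives"
    printf '#!/bin/sh\necho vanilla\n' > "$sb/bin/rm.vanilla"
    printf '#!/bin/sh\necho srm\n' > "$sb/bin/srm"
    chmod +x "$sb/bin/rm.vanilla" "$sb/bin/srm"
    # Step c: /bin/rm is a fixed link into the alternatives directory.
    ln -s ../etc/alternatives/rm "$sb/bin/rm"
    echo "$sb"
}

# Point the alternatives link at one provider in /bin.
set_alternative() {  # set_alternative ROOT PROVIDER
    ln -sfn "../../bin/$2" "$1/etc/alternatives/rm"
}

# Print the provider that NAME reaches through PATHLIST, following symlinks.
resolve_cmd() (      # resolve_cmd NAME PATHLIST
    IFS=:
    for dir in $2; do
        if [ -x "$dir/$1" ]; then
            basename "$(readlink -f "$dir/$1")"
            exit 0
        fi
    done
    exit 1
)

demo() {
    root=$(make_sandbox) || return 1
    set_alternative "$root" srm
    echo "srm installed:   rm -> $(resolve_cmd rm "$root/bin:$root/usr/bin")"
    set_alternative "$root" rm.vanilla
    echo "srm removed:     rm -> $(resolve_cmd rm "$root/bin:$root/usr/bin")"
    # Shadow link in /usr/bin instead: the result depends on PATH order.
    ln -s ../../bin/srm "$root/usr/bin/rm"
    echo "PATH=/usr/bin:/bin -> $(resolve_cmd rm "$root/usr/bin:$root/bin")"
    echo "PATH=/bin:/usr/bin -> $(resolve_cmd rm "$root/bin:$root/usr/bin")"
    rm -rf "$root"
}
demo
```

Unlike an alias, the link at /bin/rm is also what scripts and callers using the absolute path reach, which is why the model resolves through the filesystem rather than through shell state.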

