[Mageia-dev] RM replacement

Colin Guthrie mageia at colin.guthr.ie
Fri Aug 5 12:14:14 CEST 2011


'Twas brillig, and Luis Daniel Lucio Quiroz at 05/08/11 02:16 did gyre
and gimble:
> On Friday 05 August 2011 02:03:22 nicolas vigier wrote:
>> On Fri, 05 Aug 2011, Colin Guthrie wrote:
>>> 'Twas brillig, and Luis Daniel Lucio Quiroz at 04/08/11 21:26 did gyre
>>> and gimble:
>>>> Hello,
>>>>
>>>> From my experience in the security field, to make Mageia more available in
>>>> enterprise environments, and especially those that are security
>>>> paranoid, I'm planning to port SRM.  SRM is a package that does
>>>> "secure" file deleting according to some security standards (I don't
>>>> remember the names right now, I guess it is something in NIST, but that
>>>> doesn't really matter).
>>>>
>>>> My question is, what should be the procedure so that when you install
>>>> srm, the normal rm command could be replaced?  I was thinking
>>>> of pushing an alias, but what other alternatives do I have?
>>>
>>> Well you could theoretically use alternatives, but I would suspect that
>>> such a fundamental tool as rm would probably be very dangerous to
>>> package in that way (the alternatives scripts themselves may use rm!)
>>>
>>> So I think an alias would be best, but it'll only cover users/scripts
>>> calling rm and not general unlinking... It likely won't cover GUIs and
>>> other deletion methods. With that in mind, is it worth aliasing rm at all
>>> seeing as it'll only catch a subset of "delete" operations? You wouldn't
>>> want to give a false sense of security after all...
>>
>> Yes, this would be better done on filesystem/kernel. Like this:
>> http://thread.gmane.org/gmane.comp.file-systems.ext4/26548
> 
> I got your point, however I remember that SRM uses some specific algorithms
> that are recommended in NIST, that's why I remember we chose SRM and we avoid
> zero filling techniques.

Even still, Nicolas's point remains that this system (even if it uses
special algorithms rather than just zero'ing) would be better
implemented somewhere lower rather than in a single userspace tool.

I'm not saying the userspace tool is not useful in the event that the
underlying system does not have the capabilities, but using an alias or
otherwise making the standard rm command == srm, is IMO just a token
gesture and does not really address wider security concerns.

IMO it would be better to just provide the tool and let people who
specifically want secure delete use it manually when needed.

Otherwise users may be duped into a false sense of security by
installing the "secure deletes" package and then delete files through
Nautilus or Konq under the false impression they are securely deleted.

That's just my thoughts on it tho'. :)

Col

-- 

Colin Guthrie
mageia(at)colin.guthr.ie
http://colin.guthr.ie/

Day Job:
  Tribalogic Limited [http://www.tribalogic.net/]
Open Source:
  Mageia Contributor [http://www.mageia.org/]
  PulseAudio Hacker [http://www.pulseaudio.org/]
  Trac Hacker [http://trac.edgewall.org/]
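
The coverage gap discussed in this thread, as an added example that is not part of the original messages or of srm: a logging shim is placed first in `PATH` as a stand-in for "rm == srm" (which already reaches further than a shell alias), and the same kind of file is then deleted through three routes. The shim, the route names and the file names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: which deletion routes does a PATH-level rm replacement see?
# The shim only logs its arguments and then calls the real rm; it is a
# stand-in for "rm == srm", not srm itself. All file names are constructed.

audit_rm_coverage() (
    work=$(mktemp -d) || exit 1
    real_rm=$(command -v rm)          # real binary, resolved before the shim exists
    log="$work/rm.log"
    mkdir "$work/bin" "$work/data"
    : > "$log"

    # Replacement "rm", first in PATH: record the call, then delete for real.
    cat > "$work/bin/rm" <<EOF
#!/bin/sh
echo "\$*" >> "$log"
exec "$real_rm" "\$@"
EOF
    chmod +x "$work/bin/rm"
    PATH="$work/bin:$PATH"
    cd "$work/data" || exit 1

    for route in path_rm abs_rm find_delete; do
        f="secret_$route.txt"
        echo "constructed sample data" > "$f"
        case $route in
            path_rm)     rm "$f" ;;                    # script calling plain "rm"
            abs_rm)      "$real_rm" "$f" ;;            # script hard-coding the path
            find_delete) find . -name "$f" -delete ;;  # tool calling unlink() itself
        esac
        if [ -e "$f" ]; then status=not-deleted
        elif grep -qF "$f" "$log"; then status=seen
        else status=bypassed
        fi
        echo "$route=$status"
    done

    cd / && "$real_rm" -rf "$work"
)

audit_rm_coverage
```

Only the `path_rm` route reaches the replacement; the other two remove the file without the shim ever running, which is the subset problem raised above.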

