On Thu, Jul 27, 2006 at 01:59:27PM +0200, Goswin von Brederlow wrote: > Justin Pryzby <[EMAIL PROTECTED]> writes: > > > On Tue, Jul 25, 2006 at 11:20:34AM +0200, Robert Lemmen wrote: > >> hi folks, > >> > >> i have a bug report (#377687) which asks for a secure deletion tool to > >> be installed in /bin instead of /usr/bin so you can use it in > >> maintenance mode. makes sense in a way, and is possible when you look at > >> the library dependencies. but should it be done? i didn't find anything > >> in the policy on what to put in /bin, and the FHS doesn't really help. > >> so what do you think? should such a tool live in /bin? > > /[s]bin and /lib should be the minimal set of tools needed to boot the > > system, before /usr is mounted, or needed to restore the system if > > /usr is corrupted (eg. by [re]installing packages). The submitter > > wants to be able to have the bootscripts use a "shred"-like > > alternative to /bin/rm to inhibit undeletion of datafiles. I wonder > > what files are removed during boot that benefit (presumably from a > > security POV) from this? > > And what tool does implement shredding in a way that destroy data with > a journaling filesystem that doesn't reuse its data blocks, i.e. if > you overwrite the file with random data different blocks are used. That is another question :)
I'll note that if chattr +s was implemented for ext[23], a local diversion of /bin/rm would be sufficient. Justin -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
