'Twas brillig, and Luis Daniel Lucio Quiroz at 05/08/11 02:16 did gyre and gimble:
> On Friday 05 August 2011 02:03:22 nicolas vigier wrote:
>> On Fri, 05 Aug 2011, Colin Guthrie wrote:
>>> 'Twas brillig, and Luis Daniel Lucio Quiroz at 04/08/11 21:26 did gyre
>>> and gimble:
>>>> Hello,
>>>>
>>>> From my experience in the security field, to make Mageia more available in
>>>> enterprise environments, and especially those that are security
>>>> paranoid, I'm planning to port SRM. SRM is a package that does a
>>>> "secure" file deleting according to some security standards (I don't
>>>> remember the names right now, I guess it is something in NIST, but that
>>>> doesn't matter really).
>>>>
>>>> My question is, what should be the procedure so that when you install
>>>> srm, the normal rm command could be replaced? I was thinking
>>>> of pushing an alias, but what other alternatives do I have?
>>>
>>> Well you could theoretically use alternatives, but I would suspect that
>>> such a fundamental tool as rm would probably be very dangerous to
>>> package in that way (the alternatives scripts themselves may use rm!)
>>>
>>> So I think an alias would be best, but it'll only cover users/scripts
>>> calling rm and not general unlinking... It likely won't cover GUIs and
>>> other deletion methods. With that in mind, is it worth aliasing rm at all
>>> seeing as it'll only catch a subset of "delete" operations? You wouldn't
>>> want to give a false sense of security after all...
>>
>> Yes, this would be better done on filesystem/kernel. Like this:
>> http://thread.gmane.org/gmane.comp.file-systems.ext4/26548
>
> I got your point, however I remember that SRM uses some specific algorithms
> that are recommended in NIST, that's why I remember we chose SRM and we avoid
> zero-filling techniques.
Even still, Nicolas's point remains that this system (even if it uses special algorithms rather than just zeroing) would be better implemented somewhere lower rather than in a single userspace tool. I'm not saying the userspace tool is not useful in the event that the underlying system does not have the capabilities, but using an alias or otherwise making the standard rm command == srm is IMO just a token gesture and does not really address wider security concerns.

IMO it would be better to just provide the tool and let people who specifically want secure delete use it manually when needed. Otherwise users may be duped into a false sense of security by installing the "secure deletes" package and then delete files through Nautilus or Konq under the false impression they are securely deleted.

That's just my thoughts on it tho'. :)

Col

--
Colin Guthrie
mageia(at)colin.guthr.ie
http://colin.guthr.ie/

Day Job:
  Tribalogic Limited [http://www.tribalogic.net/]
Open Source:
  Mageia Contributor [http://www.mageia.org/]
  PulseAudio Hacker [http://www.pulseaudio.org/]
  Trac Hacker [http://trac.edgewall.org/]
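As an added example (not from the thread and not srm's own code), here is a small POSIX shell script that shows both halves of the point above: a one-pass overwrite-then-unlink stand-in for what srm does, and a count of how many common deletion paths an alias-style rm wrapper actually sees. The function names, the wrapper log and the single random pass are my own assumptions; srm's real pass pattern is not reproduced, and the script only needs sh plus coreutils (dd, wc, cmp, mktemp, unlink).

```shell
#!/bin/sh
# Added example, not code from the thread and not srm's own code.
# Assumes only POSIX sh plus coreutils (dd, wc, cmp, mktemp, unlink).

# overwrite_file FILE: overwrite FILE in place with random bytes, keeping the
# same size and blocks (conv=notrunc). A one-pass stand-in for whatever pass
# pattern srm applies; on journaling or copy-on-write filesystems no userspace
# overwrite can promise the old blocks are gone, which is the filesystem/kernel
# point raised in the thread.
overwrite_file() {
    f="$1"
    [ -f "$f" ] || return 1
    size=$(wc -c < "$f" | tr -d ' ')
    if [ "$size" -gt 0 ]; then
        dd if=/dev/urandom of="$f" bs="$size" count=1 conv=notrunc 2>/dev/null
    fi
    sync
}

# shred_file FILE: overwrite, then unlink. "command rm" runs the real rm
# binary even when a function or alias named rm is installed (see below).
shred_file() {
    overwrite_file "$1" && command rm -f -- "$1"
}

# The thread's proposal, modelled as a shell function named rm (an alias
# behaves the same way). Every call is logged so coverage can be counted.
WRAP_LOG=$(mktemp)
trap 'command rm -f -- "$WRAP_LOG"' EXIT
rm() {
    echo "wrapped: $*" >> "$WRAP_LOG"
    shred_file "$@"
}

# overwrite_changes_content: prints "yes" if the bytes on disk differ from the
# original after overwrite_file, "no" otherwise. Input is constructed here.
overwrite_changes_content() {
    d=$(mktemp -d)
    printf 'AAAAAAAAAAAAAAAA' > "$d/orig"
    cp "$d/orig" "$d/target"
    overwrite_file "$d/target"
    if cmp -s "$d/orig" "$d/target"; then echo no; else echo yes; fi
    command rm -rf -- "$d"
}

# count_wrapped_deletions: delete three constructed files by three common
# paths and print how many of them reached the wrapper. Only the plain "rm"
# call does; "command rm" (likewise /bin/rm or \rm) and unlink(1), which
# issues the same unlink(2) syscall a file manager or library call would,
# both bypass it.
count_wrapped_deletions() {
    d=$(mktemp -d)
    : > "$WRAP_LOG"
    printf 'secret-1' > "$d/a"
    printf 'secret-2' > "$d/b"
    printf 'secret-3' > "$d/c"
    rm "$d/a"                  # goes through the wrapper
    command rm -f -- "$d/b"    # real rm binary, wrapper skipped
    unlink "$d/c"              # direct unlink(2), wrapper skipped
    wc -l < "$WRAP_LOG" | tr -d ' '
    command rm -rf -- "$d"
}

# Stand-alone run:
overwrite_changes_content   # prints "yes"
count_wrapped_deletions     # prints "1"
```

One of three deletions is all the wrapper sees, which is the "subset of delete operations" Colin describes; the same holds for anything that calls unlink(2) or rename(2) directly, which is why the thread concludes the guarantee belongs below userspace.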
