Re: tool in /bin
On Thu, Jul 27, 2006 at 01:59:27PM +0200, Goswin von Brederlow wrote:
> Justin Pryzby <email@example.com> writes:
> > On Tue, Jul 25, 2006 at 11:20:34AM +0200, Robert Lemmen wrote:
> >> hi folks,
> >> i have a bug report (#377687) which asks for a secure deletion tool to
> >> be installed in /bin instead of /usr/bin so you can use it in
> >> maintenance mode. makes sense in a way, and is possible when you look at
> >> the library dependencies. but should it be done? i didn't find anything
> >> in the policy on what to put in /bin, and the FHS doesn't really help.
> >> so what do you think? should such a tool live in /bin?
> > /[s]bin and /lib should be the minimal set of tools needed to boot the
> > system, before /usr is mounted, or needed to restore the system if
> > /usr is corrupted (e.g. by [re]installing packages). The submitter
> > wants to be able to have the bootscripts use a "shred"-like
> > alternative to /bin/rm to inhibit undeletion of datafiles. I wonder
> > what files are removed during boot that benefit (presumably from a
> > security POV) from this?
> And what tool does implement shredding in a way that destroys data with
> a journaling filesystem that doesn't reuse its data blocks, i.e. if
> you overwrite the file with random data different blocks are used.
That is another question :)
I'll note that if chattr +s was implemented for ext, a local
diversion of /bin/rm would be sufficient.