[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: tool in /bin

On Thu, Jul 27, 2006 at 05:14:28PM +0200, Robert Lemmen wrote:
> On Thu, Jul 27, 2006 at 10:06:32AM -0400, Justin Pryzby wrote:
> > I'll note that if chattr +s was implemented for ext[23], a local
> > diversion of /bin/rm would be sufficient.
> 
> i don't quite understand this. the way i understand the attribute, it
> advises the kernel that the file should be deleted ina secure way, which
> means it (the kernel) would have to implement something like
> secure-delete and run it if it unlinks a file with that attribute,
> right? but the kernel does not implement that, and if it would, the same
> problem would lie there. the cleanest way would probably to pass that
> data down to the actual filesystem, which knows how to securely wipe a
> file from all it's journaled blocks and so on. is that what you meant?
If it could be reasonably assumed that chattr +s would work (if it
were implemented for the kernel/filesystem in use), then one could
dpkg-divert --rename /bin/rm and create a new wrapper /bin/rm:

  #! /bin/sh
  set -e
  chattr +s -- "$@"
  exec rm.local "$@"

Justin
Reply to: