On Tue, 26 Aug 2014 20:07:00 -0700 Josh Triplett <j...@joshtriplett.org> wrote:
> Package: safe-rm
> Severity: normal
>
> [As discussed at DebConf 14.]
>
> I'm working on making it possible to merge /bin and /sbin into /usr/bin
> and /usr/sbin respectively. As a first step towards that, I'm planning
> to propose a Debian Policy change to prohibit conflicts between
> /bin/$foo and /usr/bin/$foo, and likewise for sbin. safe-rm is one of
> only two packages that contains such a conflict: it installs
> /usr/bin/rm, which would conflict with /bin/rm.
>
> In order to fix this while preserving safe-rm's default of automatic
> protection on installation, safe-rm will need to divert and replace
> /bin/rm. This will require quite a bit of care to do safely; see dash's
> maintainer scripts for a safe procedure.
>
> Since safe-rm currently uses Perl, this change will also require one of
> two approaches: either provide a small wrapper C program that attempts
> to run /usr/bin/safe-rm and falls back to /bin/rm if that fails, or
> rewrite safe-rm in C.

In Ubuntu, an alternative solution might be possible. Instead of installing a /usr/bin/rm symlink, install a /usr/sbin/rm symlink, since on Ubuntu sbin is in the default path for all users. I'm not sure if installing the symlink in /usr/sbin is suitable for Debian as well or not.

Given that most paths protected by safe-rm by default require root privileges to be deleted, it kind of makes sense to have safe-rm only for the root/privileged accounts by default.

Or, for example, safe-rm could install pam.d / environment.d snippets to inject the sbin path for all users. Maybe that's a bit too drastic, but it would not require a rewrite in C. However, safe-rm feels to me like a very drastic system-wide change anyway.

If injecting sbin for everybody is too much, safe-rm could, for example, install a /usr/bin/safe-rm-bin/rm symlink, and then prepend /usr/bin/safe-rm-bin/ to PATH for all users.

Regards,

Dimitri.
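
For reference, the wrapper option mentioned in the quoted report (try /usr/bin/safe-rm, fall back to the original rm) could look like the sketch below. This is an added example, not code from the thread or from safe-rm. The diverted path `/bin/rm.distrib` and the names `exec_first_available` and `chain_exit_status` are assumptions made for illustration.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

/* /usr/bin/safe-rm is named in the report; the diverted location of the
 * original rm is an assumption (dpkg-divert's default ".distrib" suffix). */
#define SAFE_RM "/usr/bin/safe-rm"
#define REAL_RM "/bin/rm.distrib"

/* Try each candidate in order, passing the caller's argv through unchanged.
 * Returns -1 only if no candidate could be started. */
int exec_first_available(const char *const candidates[], char *const argv[])
{
    for (size_t i = 0; candidates[i] != NULL; i++)
        execv(candidates[i], argv);   /* returns only on failure */
    return -1;                        /* errno is from the last attempt */
}

/* Constructed check: run the chain in a child with "sh -c 'exit 7'" as the
 * argument vector and report the child's exit status (126 = nothing ran). */
int chain_exit_status(const char *first, const char *second)
{
    const char *const candidates[] = { first, second, NULL };
    char *const argv[] = { "sh", "-c", "exit 7", NULL };
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        exec_first_available(candidates, argv);
        _exit(126);
    }
    int status = 0;
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status);
}

int main(int argc, char *argv[])
{
    static const char *const candidates[] = { SAFE_RM, REAL_RM, NULL };
    exec_first_available(candidates, argv);
    fprintf(stderr, "rm: cannot run %s or %s: %s\n", SAFE_RM, REAL_RM, strerror(errno));
    return 126;
}
```

The fallback covers only the case where execv() itself fails, such as a missing file or a missing interpreter for the script; a safe-rm that starts and then exits with an error is not retried.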