From: Bodo Eggert <7eggert@elstempel.de>
To: Lew Palm <lew@tzi.de>,
"Jeffrey V. Merkey" <jmerkey@wolfmountaingroup.com>,
linux-kernel@vger.kernel.org
Subject: Re: ext4 features
Date: Thu, 06 Jul 2006 00:40:58 +0200 [thread overview]
Message-ID: <E1FyG3b-00015e-Js@be1.lrz> (raw)
In-Reply-To: 6vfLY-4K5-33@gated-at.bofh.it
Lew Palm <lew@tzi.de> wrote:
> Jeffrey V. Merkey wrote:
>> The old novell model is simple. When someone unlinks a file, don't
>> delete it, just mv it to another special directory called DELETED.SAV.
>> Then setup the
>> fs space allocation to reuse these files when the drive fills up by
>> oldest files first. It's very simple. Then you have a salvagable file
>> system.
>
> A complete foolproof car is a car with a maximum speed of 0 mph.
> As a user I give commands to my computer, for example an order to delete a
> file. And this is what I expect it to do.
You don't delete a file but a filename, and that's what your system will
still do.
> If I want it to move a file to another position in the filesystem, I would
> use another command. I don't want my operating system to josh me, that's why
> I use Linux.
> Stealthy keeping of deleted files somewhere is a security black hole.
Depending on unlinked file to be inaccessible and never have been copied
just because you called unlink is the real security hole.
> But accidents happen. Hardware perishes, users are making mistakes, sometimes
> coffee is pouring...
> That's why we backup important data regulary.
And the salvaging fs will do exactly this whenever you unlink() the final
reference. You could also use a userspace library catching each unlink call,
but it would also have to intercept each write() call for each user and
try to reclaim the backup copies on disk-full and would-have-to-fragment
events. Off cause there are no userspace-visible would-have-to-fragment
events, so besides being ugly a userspace solution would not be able to
completely provide the same service.
> A not-really-deleting-filesystem wouldn't relieve us of that duty, but would
> make a system more insecure and ambiguous.
It's just a marginal shift. If you can't trust yourself, you've lost. If
you can't trust the current root, you're screwed, too. If you can't trust
a future root, the time window in which the file can be recovered will
slightly increase and the needed knowledge will be reduced. Otherwise, there
is no change.
--
Ich danke GMX dafür, die Verwendung meiner Adressen mittels per SPF
verbreiteten Lügen zu sabotieren.
http://david.woodhou.se/why-not-spf.html
next prev parent reply other threads:[~2006-07-05 22:41 UTC|newest]
Thread overview: 102+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <6tVcC-1e1-79@gated-at.bofh.it>
[not found] ` <6tVcC-1e1-81@gated-at.bofh.it>
[not found] ` <6tVcC-1e1-83@gated-at.bofh.it>
[not found] ` <6tWib-2Ly-7@gated-at.bofh.it>
[not found] ` <6uDdv-7bs-3@gated-at.bofh.it>
[not found] ` <6uDGF-7Nj-47@gated-at.bofh.it>
[not found] ` <6uDQb-8e8-9@gated-at.bofh.it>
[not found] ` <6uDQb-8e8-13@gated-at.bofh.it>
[not found] ` <6uE9y-d1-1@gated-at.bofh.it>
[not found] ` <6uPom-87W-23@gated-at.bofh.it>
2006-07-04 12:28 ` ext4 features Bodo Eggert
2006-07-04 15:32 ` Valdis.Kletnieks
[not found] ` <6uRq6-2Dl-9@gated-at.bofh.it>
[not found] ` <6uRJx-30t-5@gated-at.bofh.it>
[not found] ` <6uVN4-AN-9@gated-at.bofh.it>
2006-07-05 14:09 ` ext4 features (salvage) Bodo Eggert
[not found] ` <6uEMp-1gr-41@gated-at.bofh.it>
[not found] ` <6uUo2-6SN-5@gated-at.bofh.it>
[not found] ` <6uW6v-15i-19@gated-at.bofh.it>
[not found] ` <6vfLY-4K5-33@gated-at.bofh.it>
2006-07-05 22:40 ` Bodo Eggert [this message]
[not found] ` <6uXYv-3RG-1@gated-at.bofh.it>
[not found] ` <6veG8-350-7@gated-at.bofh.it>
[not found] ` <6vfiU-465-13@gated-at.bofh.it>
[not found] ` <6vmNk-77r-23@gated-at.bofh.it>
[not found] ` <6vnq7-7Tw-55@gated-at.bofh.it>
[not found] ` <6vrN0-5Se-9@gated-at.bofh.it>
[not found] ` <6vBsY-38p-9@gated-at.bofh.it>
2006-07-07 9:38 ` ext4 features Bodo Eggert
2006-07-07 14:37 ` Trond Myklebust
2006-07-09 9:50 ` Bodo Eggert
2006-07-08 2:22 Chuck Ebbert
-- strict thread matches above, loose matches on Subject: below --
2006-07-01 16:33 Thomas Glanzmann
2006-07-01 17:07 ` Tomasz Torcz
2006-07-01 17:47 ` Thomas Glanzmann
2006-07-01 18:09 ` Claudio Martins
2006-07-01 18:59 ` Thomas Glanzmann
2006-07-01 18:17 ` Tomasz Torcz
2006-07-03 9:44 ` Gabor Gombas
2006-07-03 20:22 ` Helge Hafting
2006-07-03 20:55 ` Tomasz Torcz
2006-07-03 21:01 ` Arjan van de Ven
2006-07-03 21:46 ` Jeff V. Merkey
2006-07-03 21:25 ` Diego Calleja
2006-07-03 22:17 ` Alan Cox
2006-07-04 14:45 ` Jan Engelhardt
2006-07-04 16:35 ` Jeffrey V. Merkey
2006-07-04 18:52 ` Jeff Garzik
2006-07-04 19:40 ` Jeffrey V. Merkey
2006-07-05 13:35 ` Lew Palm
2006-07-03 23:01 ` Jeff V. Merkey
2006-07-04 9:14 ` Benny Amorsen
2006-07-05 4:21 ` Bill Davidsen
2006-07-05 5:13 ` H. Peter Anvin
2006-07-05 5:45 ` Jeffrey V. Merkey
2006-07-07 14:12 ` Pavel Machek
2006-07-05 10:38 ` Krzysztof Halasa
2006-07-07 14:10 ` Pavel Machek
2006-07-07 17:45 ` Krzysztof Halasa
2006-07-07 21:30 ` Pavel Machek
2006-07-08 10:52 ` Krzysztof Halasa
2006-07-08 10:55 ` Pavel Machek
2006-07-08 11:19 ` Krzysztof Halasa
2006-07-08 11:23 ` Pavel Machek
2006-07-08 18:45 ` Avi Kivity
2006-07-08 20:24 ` Krzysztof Halasa
2006-07-04 9:22 ` Petr Tesarik
2006-07-04 11:35 ` Peter Zijlstra
2006-07-04 15:25 ` Pavel Machek
2006-07-05 4:10 ` Bill Davidsen
2006-07-03 21:46 ` Valdis.Kletnieks
2006-07-04 11:14 ` Krzysztof Halasa
2006-07-04 22:35 ` Frank van Maarseveen
2006-07-04 23:47 ` Claudio Martins
2006-07-03 22:12 ` Alan Cox
2006-07-03 21:59 ` Arjan van de Ven
2006-07-03 21:34 ` Bill Davidsen
2006-07-03 21:50 ` Valdis.Kletnieks
2006-07-03 22:04 ` Bruce Ferrell
2006-07-04 14:48 ` Valdis.Kletnieks
2006-07-03 23:00 ` Bill Davidsen
2006-07-04 15:01 ` Valdis.Kletnieks
2006-07-05 2:40 ` Bill Davidsen
2006-07-05 2:47 ` Valdis.Kletnieks
2006-07-04 12:52 ` Helge Hafting
2006-07-06 15:12 ` Ric Wheeler
2006-07-06 17:05 ` Krzysztof Halasa
2006-07-06 17:27 ` Ric Wheeler
2006-07-06 20:52 ` Valdis.Kletnieks
2006-07-07 17:41 ` Krzysztof Halasa
2006-07-07 17:34 ` Krzysztof Halasa
2006-07-04 1:02 ` Theodore Tso
2006-07-04 19:16 ` Thomas Glanzmann
2006-07-04 19:30 ` Valdis.Kletnieks
2006-07-05 12:24 ` Bill Davidsen
2006-07-05 12:59 ` J. Bruce Fields
2006-07-05 13:17 ` Pádraig Brady
2006-07-05 19:33 ` Trond Myklebust
2006-07-05 21:22 ` Bill Davidsen
2006-07-05 21:42 ` Trond Myklebust
2006-07-08 21:04 ` Bill Davidsen
2006-07-10 20:08 ` Trond Myklebust
2006-07-10 22:37 ` Bill Davidsen
2006-07-11 2:36 ` Trond Myklebust
2006-07-21 3:10 ` Bill Davidsen
2006-07-21 12:06 ` Trond Myklebust
2006-07-21 14:36 ` Theodore Tso
2006-07-21 19:02 ` Trond Myklebust
2006-07-22 12:25 ` Theodore Tso
2006-07-05 21:12 ` Bill Davidsen
2006-07-05 21:27 ` linux-os (Dick Johnson)
2006-07-05 21:41 ` J. Bruce Fields
2006-07-06 2:32 ` Bill Davidsen
2006-07-06 2:42 ` Nigel Cunningham
2006-07-06 12:43 ` Trond Myklebust
2006-07-07 2:15 ` Bill Davidsen
2006-07-07 2:30 ` Trond Myklebust
2006-07-07 2:42 ` Ric Wheeler
2006-07-07 2:46 ` Trond Myklebust
2006-07-07 3:16 ` Bill Davidsen
2006-07-07 8:09 ` Bernd Petrovitsch
2006-07-07 14:56 ` Trond Myklebust
2006-07-07 19:52 ` Theodore Tso
2006-07-05 14:04 ` Avi Kivity
2006-07-04 14:36 ` Andi Kleen
2006-07-04 14:43 ` Thomas Glanzmann
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=E1FyG3b-00015e-Js@be1.lrz \
--to=7eggert@elstempel.de \
--cc=7eggert@gmx.de \
--cc=jmerkey@wolfmountaingroup.com \
--cc=lew@tzi.de \
--cc=linux-kernel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.