From: Ingo Molnar <mingo@elte.hu>
To: Linus Torvalds <torvalds@osdl.org>
Cc: "H. Peter Anvin" <hpa@zytor.com>, git@vger.kernel.org
Subject: enforcing DB immutability
Date: Wed, 20 Apr 2005 09:40:53 +0200	[thread overview]
Message-ID: <20050420074053.GA22436@elte.hu> (raw)
In-Reply-To: <Pine.LNX.4.58.0504131404380.4501@ppc970.osdl.org>
* Linus Torvalds <torvalds@osdl.org> wrote:
> On Wed, 13 Apr 2005, Ingo Molnar wrote:
> > 
> > well, the 'owned by another user' solution is valid though, and doesnt 
> > have this particular problem. (We've got a secure multiuser OS, so can 
> > as well use it to protect the DB against corruption.)
> 
> So now you need root to set up new repositories? No thanks.
yeah, it's a bit awkward to protect uncompressed repositories - but it 
will need some sort of kernel enforcement. (if userspace finds out the 
DB contains uncompressed blobs, it _will_ try to use them.)
(perhaps having an in-kernel GIT-alike versioned filesystem will help - 
but that brings up the same 'I have to be root' issues. The FS will 
enforce the true immutability of objects.)
perhaps having a new 'immutable hardlink' feature in the Linux VFS would 
help? I.e. a hardlink that can only be readonly followed, and can be 
removed, but cannot be chmod-ed to a writeable hardlink. That i think 
would be a large enough barrier for editors/build-tools not to play the 
tricks they already do that makes 'readonly' files virtually 
meaningless.
	Ingo
next prev parent reply	other threads:[~2005-04-20  7:37 UTC|newest]
Thread overview: 23+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
     [not found] <425C3F12.9070606@zytor.com>
     [not found] ` <Pine.LNX.4.58.0504121452330.4501@ppc970.osdl.org>
     [not found]   ` <20050412224027.GB20821@elte.hu>
     [not found]     ` <Pine.LNX.4.58.0504121554140.4501@ppc970.osdl.org>
     [not found]       ` <20050412230027.GA21759@elte.hu>
     [not found]         ` <20050412230729.GA22179@elte.hu>
     [not found]           ` <20050413111355.GB13865@elte.hu>
     [not found]             ` <425D4E1D.4040108@zytor.com>
     [not found]               ` <20050413165310.GA22428@elte.hu>
     [not found]                 ` <425D4FB1.9040207@zytor.com>
     [not found]                   ` <20050413171052.GA22711@elte.hu>
     [not found]                     ` <Pine.LNX.4.58.0504131027210.4501@ppc970.osdl.org>
     [not found]                       ` <20050413182909.GA25221@elte.hu>
     [not found]                         ` <Pine.LNX.4.58.0504131144160.4501@ppc970.osdl.org>
2005-04-13 20:02                           ` Index/hash order Ingo Molnar
2005-04-13 20:07                             ` H. Peter Anvin
2005-04-13 20:15                               ` Ingo Molnar
2005-04-13 20:18                                 ` Ingo Molnar
2005-04-13 20:21                                   ` Ingo Molnar
2005-04-13 20:26                                     ` Updated base64 patches H. Peter Anvin
2005-04-13 21:04                                 ` Index/hash order Linus Torvalds
2005-04-20  7:40                                   ` Ingo Molnar [this message]
2005-04-20  7:49                                     ` enforcing DB immutability Ingo Molnar
2005-04-20  7:53                                       ` Ingo Molnar
2005-04-20  8:58                                         ` Chris Wedgwood
2005-04-20 14:57                                       ` Nick Craig-Wood
2005-04-27  8:15                                       ` Wout
2005-04-13 20:15                               ` Index/hash order Linus Torvalds
2005-04-13 20:28                         ` Baruch Even
     [not found]                   ` <Pine.LNX.4.58.0504131008500.4501@ppc970.osdl.org>
2005-04-13 21:40                     ` Florian Weimer
2005-04-13 22:11                       ` Linus Torvalds
2005-04-13 22:48                         ` Florian Weimer
2005-04-14  7:04                         ` Ingo Molnar
2005-04-14 10:50                           ` cache-cold repository performance Ingo Molnar
2005-04-20  8:41 enforcing DB immutability linux
2005-04-20 15:57 ` Erik Mouw
2005-04-22 16:10 ` Bill Davidsen
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox
  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):
  git send-email \
    --in-reply-to=20050420074053.GA22436@elte.hu \
    --to=mingo@elte.hu \
    --cc=git@vger.kernel.org \
    --cc=hpa@zytor.com \
    --cc=torvalds@osdl.org \
    /path/to/YOUR_REPLY
  https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
  Be sure your reply has a Subject: header at the top and a blank line
  before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).