From: jstrand1@rochester.rr.com (James D Strandboge)
To: LINUX-KERNEL <linux-kernel@vger.kernel.org>
Subject: Re: ext3 and undeletion
Date: Wed, 27 Feb 2002 16:00:26 -0500 [thread overview]
Message-ID: <20020227210026.GA18660@rochester.rr.com> (raw)
In-Reply-To: <4188788C3E1BD411AA60009027E92DFD063077D8@loisexc2.loislaw.com>
In-Reply-To: <4188788C3E1BD411AA60009027E92DFD063077D8@loisexc2.loislaw.com>
On Tue, Feb 26, 2002 at 11:48:49AM -0600 or thereabouts, Rose, Billy wrote:
It seems to me the undelete could be in the kernel, and could be
beneficial.
Rather than modifying all the different filesystems, or libc, we could
modify the VFS unlink function in the kernel. It would therefore work
with all filesystems working under VFS, and all programs regardless of
whether it is linked against the latest libc or using LD_PRELOAD.
There are obviously some issues that would have to be resolved with the
algorithm, but as far as versioning I think that is the role of backups.
This should be more along the lines of 'whoops I deleted /etc/fstab.
Let me go get it out of /.undelete'. Simply put, if the file is already
in there, just overwrite it. Though, it wouldn't be too hard to tack a
.1 on the end of the old file I suppose.
Also, if the files are just moved to the .undelete directory (and by
moved, I mean a hard link to .undelete, followed by a remove of the
original), disk usage as reported by df and du would still show it
as there. I don't think that is a very big deal. I simple solution
would just be to have a cron job empty out older files. It should be the
sysadmin's job on how to manage the .undelete directory, not the kernel's
(IMO). Of course, a configurable daemon to monitor the directory could
be implemented, but this especially seems like a userspace problem.
Undeleting is the harder of these. User's should be able to undelete a
file IMO. Either an suid binary has to be created to list the contents
of the .undelete directory based on the user running it, or they can go
into the directory and get what they need. Rather than having a world
write /tmp like directory, it could be chmod 1755 with root ownership.
That way users could browse the directory and cp out what they wanted,
but they can't write to it and overwrite files and do symlink attacks,
etc. This is a security issue in terms of privacy though, depending on
the user's umask. The former (an suid binary) is probably better, but
the latter is the easier to implement.
Please comment.
James Strandboge
--
Email: jstrand1@rochester.rr.com
GPG/PGP ID: 26384A3A
Fingerprint: D9FF DF4A 2D46 A353 A289 E8F5 AA75 DCBE 2638 4A3A
next prev parent reply other threads:[~2002-02-27 21:01 UTC|newest]
Thread overview: 75+ messages / expand[flat|nested] mbox.gz Atom feed top
2002-02-26 17:48 ext3 and undeletion Rose, Billy
2002-02-26 17:53 ` Martin Dalecki
2002-02-26 18:03 ` Mike Fedyk
2002-02-26 17:56 ` Rik van Riel
2002-02-26 19:41 ` Andreas Dilger
2002-02-26 18:00 ` H. Peter Anvin
2002-02-26 18:15 ` Andreas Dilger
2002-02-26 18:23 ` Jakob Østergaard
2002-02-26 18:19 ` David Lang
2002-02-26 18:29 ` Andreas Ferber
2002-02-27 21:00 ` James D Strandboge [this message]
2002-02-27 21:40 ` Alan Cox
2002-02-27 22:16 ` James D Strandboge
2002-02-27 22:33 ` Alan Cox
2002-02-27 23:03 ` James D Strandboge
2002-02-28 0:29 ` James D Strandboge
2002-03-04 2:17 ` Mike Fedyk
2002-03-04 15:12 ` Alan Cox
2002-03-04 15:33 ` Mike Fedyk
2002-03-04 19:17 ` James D Strandboge
2002-03-04 20:08 ` Jesse Pollard
2002-03-02 17:36 ` Pablo Alcaraz
-- strict thread matches above, loose matches on Subject: below --
2002-03-05 23:04 Rose, Billy
2002-03-06 20:03 ` Mark Mielke
2002-03-07 21:30 ` Patrick Lynch
2002-02-28 10:37 Randal, Phil
2002-02-26 18:39 Dana Lacoste
2002-02-26 18:47 ` Daniel Gryniewicz
2002-02-26 18:51 ` David Lang
[not found] <fa.n4lfl6v.h4chor@ifi.uio.no>
2002-02-25 17:06 ` Dan Maas
2002-02-25 17:20 ` Mike Fedyk
2002-02-25 23:33 ` Tom Rauschenbach
2002-02-26 0:27 ` Bernd Eckenfels
2002-02-26 5:53 ` H. Peter Anvin
2002-02-26 16:05 ` Mike Fedyk
2002-02-26 16:31 ` H. Peter Anvin
2002-02-26 16:40 ` Mike Fedyk
2002-02-26 16:55 ` H. Peter Anvin
2002-02-26 17:12 ` Mike Fedyk
2002-02-26 16:36 ` Martin Dalecki
2002-02-26 16:43 ` Mike Fedyk
2002-02-26 16:54 ` Martin Dalecki
2002-02-26 17:05 ` Mike Fedyk
2002-02-26 17:07 ` Martin Dalecki
2002-02-26 17:16 ` Mike Fedyk
2002-02-26 17:22 ` Rik van Riel
2002-02-26 17:38 ` Mike Fedyk
2002-02-26 18:14 ` Andreas Ferber
2002-02-26 18:55 ` Andreas Dilger
2002-02-26 22:04 ` Mike Fedyk
2002-02-26 18:34 ` Richard B. Johnson
2002-02-26 18:34 ` H. Peter Anvin
2002-02-26 18:47 ` Richard B. Johnson
2002-02-26 18:52 ` Andreas Dilger
2002-02-28 15:05 ` Andreas Ferber
2002-02-28 22:37 ` Andreas Dilger
2002-02-28 22:55 ` James D Strandboge
2002-03-01 4:44 ` Mike Fedyk
2002-03-04 16:26 ` Pavel Machek
2002-03-05 21:29 ` Andreas Ferber
2002-03-06 11:30 ` Pavel Machek
2002-03-05 22:07 ` Richard B. Johnson
2002-02-26 17:22 ` Mike Fedyk
2002-03-01 0:19 ` Rick Lindsley
2002-03-01 1:02 ` Andreas Dilger
2002-02-26 17:54 ` Andreas Dilger
2002-02-26 18:24 ` Alan Cox
2002-03-04 15:40 ` Pavel Machek
2002-02-25 18:08 ` Richard B. Johnson
2002-02-25 18:40 ` Mike Fedyk
2002-02-25 19:49 ` Andreas Dilger
2002-02-25 16:46 Rose, Billy
2002-02-25 3:27 Steven Walter
2002-02-25 5:08 ` Andreas Dilger
2002-02-25 10:16 ` Fabrice Bellet
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20020227210026.GA18660@rochester.rr.com \
--to=jstrand1@rochester.rr.com \
--cc=linux-kernel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox