From: "Theodore Ts'o" <tytso@mit.edu>
To: Robin Rosenberg <robin.rosenberg.lists@dewire.com>
Cc: William Stearns <wstearns@pobox.com>,
Linux Kernel <linux-kernel@vger.kernel.org>
Subject: Re: silent semantic changes in reiser4 (brief attempt to document the idea ofwhat reiser4 wants to do with metafiles and why
Date: Thu, 9 Sep 2004 05:03:42 -0400 [thread overview]
Message-ID: <20040909090342.GA30303@thunk.org> (raw)
In-Reply-To: <200409080009.52683.robin.rosenberg.lists@dewire.com>
On Wed, Sep 08, 2004 at 12:09:52AM +0200, Robin Rosenberg wrote:
> Maybe file/./attribute then. /. on a file is currently meaningless. That does
> not avoid the unpleasant fact that has been brought up by others (only to be
> ignored), that the directory syntax does not allow metadata on directories.
*Not* that I am endorsing the idea of being able to access metadata
via a standard pathname --- I continue to believe that named streams
are a bad idea that will be an attractive nuisance to application
developers, and if we must do them, then Solaris's openat(2) API is
the best way to proceed --- HOWEVER, if people are insistent on being
able to do this via standard pathnames, and not introducing a new
system call, I would suggest /|/ as the separator as the third least
worst option. Why?
Any such scheme will violate POSIX and SUS, since we are stealing from
the filename namespace, and thus could cause a previously working
program to stop working --- however, assuming that we don't care about
this, the virtical bar is the least likely to collide with existing
file usages, because of its status as a shell meta-character (i.e.,
pipe). This means that in order to use it on the shell command line,
programs will have to quote it:
cat /home/tytso/word.doc/\|/meta/silly-stupid-metadata-or-named-stream
This may seem to be inconvenient, but one very good thing about this
is that PHP and existing Perl scripts already already treat pathnames
that contain pipes with a certain amount of suspicion --- and this is
a good thing! Otherwise, programs that take input from untrusted
sources (say, URL's or http form posts), may convert such input into a
metadata access, and that may be a very, very, very bad thing. (For
example, it may mean that you will have accidentally allowed a web
user to read or possibly modify an ACL with whatever privileges of the
CGI-perl or php script.) By using a pipe character, it avoids this
problem, since secure CGI scripts must be already checking for the
pipe character anyway.
> I'm not convinced that totally transparent access to meta-data actually
> benefits anyone. If metadata is that useful (which I believe) it may well be
> worth fixing those apps that need, and can use them. The rest should just
> ignore it, even loose it.
Totally agreed. As I said above, I would prefer openat(2) to trying
to do this within a standard pathname, and I would prefer not doing it
all since aside from Samba, which is simply trying to maintain
backwards compatibility with a Really Bad Idea, the number of
protocols and data formats (ftp, tar, zip, gzip, cpio, etc., etc.,
etc.) that would need to be revamped is huge.
- Ted
next prev parent reply other threads:[~2004-09-09 16:39 UTC|newest]
Thread overview: 46+ messages / expand[flat|nested] mbox.gz Atom feed top
2004-08-29 20:21 silent semantic changes in reiser4 (brief attempt to document the idea of what reiser4 wants to do with metafiles and why Hans Reiser
2004-08-31 13:12 ` Pavel Machek
2004-08-31 13:36 ` Christian Mayrhuber
2004-09-07 20:16 ` Hans Reiser
2004-09-07 20:59 ` Pavel Machek
2004-09-08 9:14 ` Romano Giannetti
2004-09-07 21:05 ` William Stearns
2004-09-07 22:09 ` Robin Rosenberg
2004-09-09 9:03 ` Theodore Ts'o [this message]
2004-09-09 17:23 ` silent semantic changes in reiser4 (brief attempt to document the idea ofwhat " William Lee Irwin III
2004-09-09 18:09 ` Gunnar Ritter
2004-09-09 19:15 ` Hans Reiser
2004-09-09 20:45 ` Paul Jakma
2004-09-10 0:57 ` Hans Reiser
2004-09-10 1:15 ` Paul Jakma
2004-09-10 5:04 ` Hans Reiser
2004-09-10 5:53 ` viro
2004-09-10 6:52 ` Hans Reiser
2004-09-10 7:05 ` viro
2004-09-10 7:30 ` Hans Reiser
2004-09-10 16:49 ` Lee Revell
2004-09-10 17:23 ` viro
2004-09-10 7:21 ` Hans Reiser
2004-09-10 7:33 ` viro
2004-09-10 7:46 ` Hans Reiser
2004-09-10 8:18 ` viro
2004-09-10 9:20 ` Alan Cox
2004-09-10 17:48 ` Hans Reiser
2004-09-10 17:07 ` Alan Cox
2004-09-10 13:08 ` Horst von Brand
2004-09-10 3:22 ` Horst von Brand
2004-09-12 20:43 ` Davide Inglima
2004-09-10 9:42 ` Helge Hafting
2004-09-10 17:42 ` Horst von Brand
[not found] ` <20040910201738.GB8698@eskimo.com>
2004-09-14 8:39 ` Helge Hafting
2004-08-31 14:09 ` silent semantic changes in reiser4 (brief attempt to document the idea of what " Mike Waychison
2004-08-31 17:55 ` V13
2004-08-31 18:17 ` Spam
2004-08-31 19:08 ` Tonnerre
2004-08-31 19:38 ` Spam
2004-09-01 3:11 ` Robin Rosenberg
2004-08-31 19:35 ` V13
[not found] ` <874qmjm51g.fsf@uhoreg.ca>
2004-08-31 20:31 ` Spam
[not found] ` <87vfezkm06.fsf@uhoreg.ca>
2004-08-31 22:15 ` Spam
2004-08-31 19:49 ` Chris Dawes
2004-09-01 6:03 ` Hans Reiser
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20040909090342.GA30303@thunk.org \
--to=tytso@mit.edu \
--cc=linux-kernel@vger.kernel.org \
--cc=robin.rosenberg.lists@dewire.com \
--cc=wstearns@pobox.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox