From: Bodo Eggert <7eggert@elstempel.de>
To: Lew Palm <lew@tzi.de>,
"Jeffrey V. Merkey" <jmerkey@wolfmountaingroup.com>,
linux-kernel@vger.kernel.org
Subject: Re: ext4 features
Date: Thu, 06 Jul 2006 00:40:58 +0200 [thread overview]
Message-ID: <E1FyG3b-00015e-Js@be1.lrz> (raw)
In-Reply-To: 6vfLY-4K5-33@gated-at.bofh.it
Lew Palm <lew@tzi.de> wrote:
> Jeffrey V. Merkey wrote:
>> The old novell model is simple. When someone unlinks a file, don't
>> delete it, just mv it to another special directory called DELETED.SAV.
>> Then setup the
>> fs space allocation to reuse these files when the drive fills up by
>> oldest files first. It's very simple. Then you have a salvagable file
>> system.
>
> A complete foolproof car is a car with a maximum speed of 0 mph.
> As a user I give commands to my computer, for example an order to delete a
> file. And this is what I expect it to do.
You don't delete a file but a filename, and that's what your system will
still do.
> If I want it to move a file to another position in the filesystem, I would
> use another command. I don't want my operating system to josh me, that's why
> I use Linux.
> Stealthy keeping of deleted files somewhere is a security black hole.
Depending on unlinked file to be inaccessible and never have been copied
just because you called unlink is the real security hole.
> But accidents happen. Hardware perishes, users are making mistakes, sometimes
> coffee is pouring...
> That's why we backup important data regulary.
And the salvaging fs will do exactly this whenever you unlink() the final
reference. You could also use a userspace library catching each unlink call,
but it would also have to intercept each write() call for each user and
try to reclaim the backup copies on disk-full and would-have-to-fragment
events. Off cause there are no userspace-visible would-have-to-fragment
events, so besides being ugly a userspace solution would not be able to
completely provide the same service.
> A not-really-deleting-filesystem wouldn't relieve us of that duty, but would
> make a system more insecure and ambiguous.
It's just a marginal shift. If you can't trust yourself, you've lost. If
you can't trust the current root, you're screwed, too. If you can't trust
a future root, the time window in which the file can be recovered will
slightly increase and the needed knowledge will be reduced. Otherwise, there
is no change.
--
Ich danke GMX dafür, die Verwendung meiner Adressen mittels per SPF
verbreiteten Lügen zu sabotieren.
http://david.woodhou.se/why-not-spf.html
next prev parent reply other threads:[~2006-07-05 22:41 UTC|newest]
Thread overview: 102+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <6tVcC-1e1-79@gated-at.bofh.it>
[not found] ` <6tVcC-1e1-81@gated-at.bofh.it>
[not found] ` <6tVcC-1e1-83@gated-at.bofh.it>
[not found] ` <6tWib-2Ly-7@gated-at.bofh.it>
[not found] ` <6uDdv-7bs-3@gated-at.bofh.it>
[not found] ` <6uDGF-7Nj-47@gated-at.bofh.it>
[not found] ` <6uDQb-8e8-9@gated-at.bofh.it>
[not found] ` <6uDQb-8e8-13@gated-at.bofh.it>
[not found] ` <6uE9y-d1-1@gated-at.bofh.it>
[not found] ` <6uPom-87W-23@gated-at.bofh.it>
2006-07-04 12:28 ` ext4 features Bodo Eggert
2006-07-04 15:32 ` Valdis.Kletnieks
[not found] ` <6uRq6-2Dl-9@gated-at.bofh.it>
[not found] ` <6uRJx-30t-5@gated-at.bofh.it>
[not found] ` <6uVN4-AN-9@gated-at.bofh.it>
2006-07-05 14:09 ` ext4 features (salvage) Bodo Eggert
[not found] ` <6uEMp-1gr-41@gated-at.bofh.it>
[not found] ` <6uUo2-6SN-5@gated-at.bofh.it>
[not found] ` <6uW6v-15i-19@gated-at.bofh.it>
[not found] ` <6vfLY-4K5-33@gated-at.bofh.it>
2006-07-05 22:40 ` Bodo Eggert [this message]
[not found] ` <6uXYv-3RG-1@gated-at.bofh.it>
[not found] ` <6veG8-350-7@gated-at.bofh.it>
[not found] ` <6vfiU-465-13@gated-at.bofh.it>
[not found] ` <6vmNk-77r-23@gated-at.bofh.it>
[not found] ` <6vnq7-7Tw-55@gated-at.bofh.it>
[not found] ` <6vrN0-5Se-9@gated-at.bofh.it>
[not found] ` <6vBsY-38p-9@gated-at.bofh.it>
2006-07-07 9:38 ` ext4 features Bodo Eggert
2006-07-07 14:37 ` Trond Myklebust
2006-07-09 9:50 ` Bodo Eggert
2006-07-08 2:22 Chuck Ebbert
-- strict thread matches above, loose matches on Subject: below --
2006-07-01 16:33 Thomas Glanzmann
2006-07-01 17:07 ` Tomasz Torcz
2006-07-01 17:47 ` Thomas Glanzmann
2006-07-01 18:09 ` Claudio Martins
2006-07-01 18:59 ` Thomas Glanzmann
2006-07-01 18:17 ` Tomasz Torcz
2006-07-03 9:44 ` Gabor Gombas
2006-07-03 20:22 ` Helge Hafting
2006-07-03 20:55 ` Tomasz Torcz
2006-07-03 21:01 ` Arjan van de Ven
2006-07-03 21:46 ` Jeff V. Merkey
2006-07-03 21:25 ` Diego Calleja
2006-07-03 22:17 ` Alan Cox
2006-07-04 14:45 ` Jan Engelhardt
2006-07-04 16:35 ` Jeffrey V. Merkey
2006-07-04 18:52 ` Jeff Garzik
2006-07-04 19:40 ` Jeffrey V. Merkey
2006-07-05 13:35 ` Lew Palm
2006-07-03 23:01 ` Jeff V. Merkey
2006-07-04 9:14 ` Benny Amorsen
2006-07-05 4:21 ` Bill Davidsen
2006-07-05 5:13 ` H. Peter Anvin
2006-07-05 5:45 ` Jeffrey V. Merkey
2006-07-07 14:12 ` Pavel Machek
2006-07-05 10:38 ` Krzysztof Halasa
2006-07-07 14:10 ` Pavel Machek
2006-07-07 17:45 ` Krzysztof Halasa
2006-07-07 21:30 ` Pavel Machek
2006-07-08 10:52 ` Krzysztof Halasa
2006-07-08 10:55 ` Pavel Machek
2006-07-08 11:19 ` Krzysztof Halasa
2006-07-08 11:23 ` Pavel Machek
2006-07-08 18:45 ` Avi Kivity
2006-07-08 20:24 ` Krzysztof Halasa
2006-07-04 9:22 ` Petr Tesarik
2006-07-04 11:35 ` Peter Zijlstra
2006-07-04 15:25 ` Pavel Machek
2006-07-05 4:10 ` Bill Davidsen
2006-07-03 21:46 ` Valdis.Kletnieks
2006-07-04 11:14 ` Krzysztof Halasa
2006-07-04 22:35 ` Frank van Maarseveen
2006-07-04 23:47 ` Claudio Martins
2006-07-03 22:12 ` Alan Cox
2006-07-03 21:59 ` Arjan van de Ven
2006-07-03 21:34 ` Bill Davidsen
2006-07-03 21:50 ` Valdis.Kletnieks
2006-07-03 22:04 ` Bruce Ferrell
2006-07-04 14:48 ` Valdis.Kletnieks
2006-07-03 23:00 ` Bill Davidsen
2006-07-04 15:01 ` Valdis.Kletnieks
2006-07-05 2:40 ` Bill Davidsen
2006-07-05 2:47 ` Valdis.Kletnieks
2006-07-04 12:52 ` Helge Hafting
2006-07-06 15:12 ` Ric Wheeler
2006-07-06 17:05 ` Krzysztof Halasa
2006-07-06 17:27 ` Ric Wheeler
2006-07-06 20:52 ` Valdis.Kletnieks
2006-07-07 17:41 ` Krzysztof Halasa
2006-07-07 17:34 ` Krzysztof Halasa
2006-07-04 1:02 ` Theodore Tso
2006-07-04 19:16 ` Thomas Glanzmann
2006-07-04 19:30 ` Valdis.Kletnieks
2006-07-05 12:24 ` Bill Davidsen
2006-07-05 12:59 ` J. Bruce Fields
2006-07-05 13:17 ` Pádraig Brady
2006-07-05 19:33 ` Trond Myklebust
2006-07-05 21:22 ` Bill Davidsen
2006-07-05 21:42 ` Trond Myklebust
2006-07-08 21:04 ` Bill Davidsen
2006-07-10 20:08 ` Trond Myklebust
2006-07-10 22:37 ` Bill Davidsen
2006-07-11 2:36 ` Trond Myklebust
2006-07-21 3:10 ` Bill Davidsen
2006-07-21 12:06 ` Trond Myklebust
2006-07-21 14:36 ` Theodore Tso
2006-07-21 19:02 ` Trond Myklebust
2006-07-22 12:25 ` Theodore Tso
2006-07-05 21:12 ` Bill Davidsen
2006-07-05 21:27 ` linux-os (Dick Johnson)
2006-07-05 21:41 ` J. Bruce Fields
2006-07-06 2:32 ` Bill Davidsen
2006-07-06 2:42 ` Nigel Cunningham
2006-07-06 12:43 ` Trond Myklebust
2006-07-07 2:15 ` Bill Davidsen
2006-07-07 2:30 ` Trond Myklebust
2006-07-07 2:42 ` Ric Wheeler
2006-07-07 2:46 ` Trond Myklebust
2006-07-07 3:16 ` Bill Davidsen
2006-07-07 8:09 ` Bernd Petrovitsch
2006-07-07 14:56 ` Trond Myklebust
2006-07-07 19:52 ` Theodore Tso
2006-07-05 14:04 ` Avi Kivity
2006-07-04 14:36 ` Andi Kleen
2006-07-04 14:43 ` Thomas Glanzmann
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=E1FyG3b-00015e-Js@be1.lrz \
--to=7eggert@elstempel.de \
--cc=7eggert@gmx.de \
--cc=jmerkey@wolfmountaingroup.com \
--cc=lew@tzi.de \
--cc=linux-kernel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox