Re: XFS: how to NOT null files on fsck?

[Chris Wedgwood]

On Tue, Jul 13, 2004 at 07:25:29AM +0000, Anton Ertl wrote:

> A secure FS must ensure that other people's deleted data does not
> end up in the file.  AFAIK FSs don't record owners for free blocks,
> so they can only ensure this by zeroing the blocks.

How can free blocks have an owner?  They wouldn't be free then.

> So I doubt that you will see any different behaviour from an FS that
> keeps only meta-data consistent and writes meta-data before data.

You do, some fs' will return stale data.

> It's too hard to fix the applications, since there is no easy way to
> test that they are really fixed.

No, it's not hard to fix the applications and it's easy to tell if
they are fixed.

> Also, the number of applications is much higher than the number of
> file systems.

You don't fix all applications, only ones where data is critical and
their handling of it is poor.  MTAs like postfix don't have a problem
for example, they are generally written well.

> The file system should provide something that I call in-order
> semantics, i.e., that the disk state always represents an existing
> (possibly old) logical state of the FS, not some state that never
> existed, or some existing state with missing data.

ext3 and reiserfs have what amounts to this as an option right now.
It has some performance implications but I'm told works great.

I don't think the current XFS behaviour is undesirable or broken.


   --cw
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/