On Tue, Apr 30, 2002 at 07:04:33PM -0500, Steve Lord wrote:
> On Tue, 2002-04-30 at 18:49, Stephen Lord wrote:
>
> >
> > I dug some more and there does not appear to be checking on unused bits
> > in the di_flags field of the on disk inode, although that does not
> > include xfs_check which is a rather byzantine chunk of code. So it
> > might be possible to use a bit in here. Like I said though, right
> > now I am not going to get near something like this for quite a while.

That would be the simplest way after all if it works.

> >
> > Andi, is immutable checking all done above the vfs or do filesystems
> > have to enforce it as well?

I think it's done in the file system.

> OK, I answered that myself - maybe we can do this quickly - provided
> chattr does not check the filesystem type it is applied to.

I don't think it does. It just does the ioctl.

P.S.: Overall I don't think immutable/append-only are too useful because
attackers can always get rid of them by mknod'ing a device and writing to the
disk directly and forcing an inode flush. So it may not be worth much effort
for the pseudo security ones, as they only give a false sense of security.
immutable is sometimes useful to prevent mistakes, but not for more.
The only ones that may be worth it are 'S' (force O_SYNC, especially
for directories e.g. to handle qmail/postfix spool dirs without forcing
synchronous for the whole fs), 'A' (no atime) and 'd' for incremental
backup purposes.
-And
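
An added example, not part of the original thread or of any project's code: a minimal lsattr-style audit that reads inode flags through the same generic ioctl interface the message says chattr relies on, and reports the flags named above (S, i, a, d, A). It assumes a Linux system with <linux/fs.h>; the helper names decode_flags and get_inode_flags are hypothetical.

```c
#include <fcntl.h>
#include <linux/fs.h>
#include <stdio.h>
#include <string.h>
#include <sys/ioctl.h>
#include <unistd.h>

/* Flags named in the thread, paired with the letters chattr/lsattr use. */
static const struct { unsigned int bit; char letter; } FLAG_MAP[] = {
    { FS_SYNC_FL,      'S' },  /* synchronous updates */
    { FS_IMMUTABLE_FL, 'i' },  /* immutable */
    { FS_APPEND_FL,    'a' },  /* append-only */
    { FS_NODUMP_FL,    'd' },  /* skipped by dump */
    { FS_NOATIME_FL,   'A' },  /* no atime updates */
};

/* Render a flag word as a letter string; returns how many known flags are set. */
int decode_flags(unsigned int flags, char *out, size_t outlen)
{
    size_t n = 0;
    for (size_t i = 0; i < sizeof FLAG_MAP / sizeof FLAG_MAP[0]; i++)
        if ((flags & FLAG_MAP[i].bit) && n + 1 < outlen)
            out[n++] = FLAG_MAP[i].letter;
    if (outlen) out[n] = '\0';
    return (int)n;
}

/* Read inode flags; 0 on success, -1 if open fails or the fs lacks the ioctl. */
int get_inode_flags(const char *path, unsigned int *flags)
{
    int word = 0;  /* the kernel transfers an int for this ioctl */
    int fd = open(path, O_RDONLY | O_NONBLOCK);
    if (fd < 0) return -1;
    int rc = ioctl(fd, FS_IOC_GETFLAGS, &word);
    close(fd);
    if (rc < 0) return -1;
    *flags = (unsigned int)word;
    return 0;
}

int main(int argc, char **argv)
{
    for (int i = 1; i < argc; i++) {
        unsigned int flags; char buf[8];
        if (get_inode_flags(argv[i], &flags) < 0) buf[0] = '?', buf[1] = '\0';
        else if (decode_flags(flags, buf, sizeof buf) == 0) strcpy(buf, "-");
        printf("%-6s %s\n", buf, argv[i]);
    }
    return 0;
}
```

A "?" in the output means the flags could not be read, for example because the filesystem does not implement the ioctl.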