
Re: Chattr

To: Andi Kleen <ak@xxxxxxx>
Subject: Re: Chattr
From: Austin Gonyou <austin@xxxxxxxxxxxxxxx>
Date: 02 May 2002 16:14:32 -0500
Cc: Stephen Lord <lord@xxxxxxx>, Ethan Benson <erbenson@xxxxxxxxxx>, linux-xfs@xxxxxxxxxxx
In-reply-to: <20020501023726.A15270@wotan.suse.de>
References: <20020501023726.A15270@wotan.suse.de>
Sender: owner-linux-xfs@xxxxxxxxxxx

On Tue, 2002-04-30 at 19:37, Andi Kleen wrote:
> On Tue, Apr 30, 2002 at 07:04:33PM -0500, Steve Lord wrote:
> > On Tue, 2002-04-30 at 18:49, Stephen Lord wrote:
...
> P.S.: Overall I don't think immutable/append-only are too useful because
> attackers can always get rid of them by mknod'ing a device and writing to the
> disk directly and forcing an inode flush. So it may not be worth much effort
> for the pseudo security ones, as they only give a false sense of security.

Right, and I didn't ask because of security, we're thinking more along
the lines of mistakes, which could lead to flags with file monitors,
etc. That is more important in this way, than *just* security, for the
purpose of the question posed.

> 
> immutable is sometimes useful to prevent mistakes, but not for more.

Right. See above. 

> 
> The only ones that may be worth it are 'S' (force O_SYNC, especially
> for directories e.g. to handle qmail/postfix spool dirs without forcing
> synchronous for the whole fs), 'A' (no atime) and 'd' for incremental 
> backup purposes.

They all have *some* usefulness, but trying to make them do things they
weren't really designed to do in the first place, or putting too much
stock in the base implementation, isn't always the best idea anyway.  :)

> 
> 
> -And


-- 
Austin Gonyou
Systems Architect, CCNA
Coremetrics, Inc.
Phone: 512-698-7250
email: austin@xxxxxxxxxxxxxxx

"It is the part of a good shepherd to shear his flock, not to skin it."
Latin Proverb

Attachment: signature.asc
Description: This is a digitally signed message part
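
The flags named in this thread ('S', 'i', 'a', 'd', 'A') can be read per file with the FS_IOC_GETFLAGS ioctl, which is what a file monitor would record. The following is an added example, not code from the thread or from XFS; `lost_protection` and its baseline dictionaries are hypothetical helpers, and the ioctl number assumes x86/ARM Linux.

```python
import fcntl, os, struct, sys

# _IOR('f', 1, long) as laid out on x86/ARM Linux (assumption: some other
# architectures encode the ioctl direction bits differently).
FS_IOC_GETFLAGS = 0x80000000 | (struct.calcsize("l") << 16) | (ord("f") << 8) | 1

# Inode flag bits from <linux/fs.h>, with the letters lsattr prints.
FLAGS = [
    (0x00000008, "S"),  # synchronous updates
    (0x00000010, "i"),  # immutable
    (0x00000020, "a"),  # append-only
    (0x00000040, "d"),  # no dump
    (0x00000080, "A"),  # no atime updates
]

def decode_flags(bits):
    """Return the lsattr-style letters for the flags discussed in the thread."""
    return "".join(letter for mask, letter in FLAGS if bits & mask)

def read_flags(path):
    """Read inode flags; None if the file or filesystem does not support them."""
    try:
        fd = os.open(path, os.O_RDONLY | os.O_NONBLOCK)
    except OSError:
        return None
    try:
        buf = bytearray(struct.calcsize("l"))
        fcntl.ioctl(fd, FS_IOC_GETFLAGS, buf)
        return struct.unpack_from("I", buf)[0]  # the kernel stores an int
    except OSError:
        return None
    finally:
        os.close(fd)

def lost_protection(baseline, current):
    """Paths whose 'i' or 'a' flag was set in the baseline but is gone now."""
    return sorted(
        path for path, old in baseline.items()
        if set("ia") & (set(old) - set(current.get(path, "")))
    )

if __name__ == "__main__":
    # Print every file under the given directory that carries one of the flags.
    for root, _dirs, files in os.walk(sys.argv[1] if len(sys.argv) > 1 else "."):
        for name in files:
            path = os.path.join(root, name)
            bits = read_flags(path)
            if bits is not None and decode_flags(bits):
                print(decode_flags(bits), path)
```

A monitor built this way reports a cleared flag after the fact; it does not make the flag itself any harder to remove.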
