From owner-freebsd-hackers@FreeBSD.ORG Wed Sep 29 21:41:42 2010
From: Jim Bryant
Date: Wed, 22 Sep 2010 19:36:06 -0500
Subject: Re: How to disallow logout
To: Atom Smasher
Cc: freebsd-hackers@freebsd.org, Ivan Voras
Message-ID: <4C9AA0F6.6040509@gmail.com>
In-Reply-To: <1009110004520.2000@smasher>
References: <1009110004520.2000@smasher>
List-Id: Technical Discussions relating to FreeBSD

Atom Smasher wrote:
> On Fri, 10 Sep 2010, Ivan Voras wrote:
>
>> 1) power outage of the server
>> 2) power outage on the client
>> 3) network problems (ssh or TCP connection drop)
>> 4) administrative command (e.g. root executes "killall $shell")
>>
>> ?
>>
>> I don't think there is a way to protect from all of those, so any
>> effort in protecting from only part of the problem looks useless.
> ========================
>
> You forgot cosmic rays, nuclear war and zombie apocalypse, among other
> failure modes. *NOTHING* is capable of protecting against everything;
> a good solution will most always have pitfalls; as a
> sysadmin/engineer/manager one has to either accept the pitfalls or
> find a more acceptable solution, which usually means different
> pitfalls. That doesn't mean a given solution is useless.
>
> Bah.

Since you mentioned .logout, I'm assuming you are using tcsh.

What I would suggest is that you create an md and check out the files into that. This solves the power-fail issue completely; it also solves the main issue. Have the logout script simply umount and mdconfig -d the ramdisk.

Also, this way, security is enhanced because no fragments, even of deleted files, are left on disk after logout. The only question I have is whether a bzero is done before returning the RAM to the OS; if not, simply dd if=/dev/zero of=/dev/md0 bs=whatever to be sure that the RAM formerly contained in the ramdisk isn't readable by later procs.

Have you considered TrustedBSD? It should perform the bzero by default. TBSD MAC is in fbsd these days to control access to the mountpoint, but that might not help if you are worried about a lifted disk. MAC doesn't mean shit without physical security, the kind involved in the environments for which it was commissioned.
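The setup and logout sequence suggested above, written out as a small POSIX sh script that a tcsh ~/.login and ~/.logout can call. This is an added example, not code from the thread or from FreeBSD; the unit number, size and mountpoint are assumptions passed on the command line, and DRY_RUN=1 prints the commands instead of running them so the ordering can be checked on a machine without mdconfig(8).

```shell
#!/bin/sh
# Added example, not from the thread: manage a per-login memory disk
# as the reply above describes. Unit number, size and mountpoint are
# assumptions given on the command line; DRY_RUN=1 prints the commands
# instead of running them so the sequence can be checked without md(4).
#
#   ~/bin/md-session.sh setup 3 64m /home/alice/work    # from ~/.login
#   ~/bin/md-session.sh teardown 3 /home/alice/work     # from ~/.logout

run() {
    if [ "${DRY_RUN:-0}" = "1" ]; then echo "$*"; else "$@"; fi
}

# md_setup UNIT SIZE MOUNTPOINT
# -t malloc keeps the disk in wired kernel memory; a swap-backed md
# (-t swap) can be paged out to the swap partition, which defeats the
# "nothing left on disk" goal unless swap is itself encrypted.
# -u UNIT fixes the device name so no output parsing is needed.
md_setup() {
    unit=$1; size=$2; mnt=$3
    run mdconfig -a -t malloc -s "$size" -u "$unit" &&
    run newfs -U "/dev/md$unit" &&
    run mount "/dev/md$unit" "$mnt"
    # the working files are checked out into $mnt after this
}

# md_teardown UNIT MOUNTPOINT
# Order matters: unmount first (a busy mountpoint aborts the teardown
# rather than detaching a live filesystem), then overwrite the device
# with zeros, then detach. mdconfig -d frees the memory, but the thread
# is unsure whether it is cleared, so the zeroing is done explicitly.
md_teardown() {
    unit=$1; mnt=$2
    run umount "$mnt" || return 1
    # dd's status is ignored: filling the device to its end is the goal
    run dd if=/dev/zero of="/dev/md$unit" bs=1m 2>/dev/null
    run mdconfig -d -u "$unit"
}

case "${1:-}" in
    setup)    shift; md_setup "$@" ;;
    teardown) shift; md_teardown "$@" ;;
esac
```

If umount fails because a process still has its working directory on the ramdisk, the script returns 1 and leaves the md attached, so the .logout hook should report that rather than proceed.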