Date: Thu, 3 Mar 2005 13:04:22 +0100
From: Bernd Walter
To: Poul-Henning Kamp
Cc: tech-security@NetBSD.org, Roland Dowdeswell, hackers@freebsd.org
Subject: Re: FUD about CGD and GBDE
Message-ID: <20050303120421.GW86348@cicely12.cicely.de>
In-Reply-To: <2759.1109809815@critter.freebsd.dk>
List-Id: Technical Discussions relating to FreeBSD

On Thu, Mar 03, 2005 at 01:30:15AM +0100, Poul-Henning Kamp wrote:
> In message <20050302162928.0916237012@arioch.imrryr.org>, Roland Dowdeswell writes:
>
> >Let's discuss a simple example and see how it works. Let's walk
> >through a user login, with /etc/passwd on GBDE and the filesystem
> >mounted with mtime.
>
> These days, on the majority of low cost disks used in enduser
> configurations you risk looking an entire track if the disk were
> writing when you pulled power. (People complain about this, but
> doesn't seem to be willing to pay to avoid it.)

No matter what disk you take - writes never have been atomic.
The major difference I see is that you get a read error back in the
disk failure case, while such a crypto failure produces more or less
random data without any error.
Mounting unclean filesystems rw for bg_fsck can be considered dangerous
with such unexpected data corruption.
And how would you know that a restore from backup is required for a
damaged file?

--
B.Walter BWCT http://www.bwct.de
bernd@bwct.de info@bwct.de