Date: Thu, 3 Mar 2005 15:21:03 +0300
From: Alexey Neyman <alex.neyman@auriga.ru>
To: ticso@cicely.de
Cc: hackers@freebsd.org
Subject: Re: FUD about CGD and GBDE
Message-ID: <200503031521.03380.alex.neyman@auriga.ru>
In-Reply-To: <20050303120421.GW86348@cicely12.cicely.de>
References: <20050302162928.0916237012@arioch.imrryr.org> <2759.1109809815@critter.freebsd.dk> <20050303120421.GW86348@cicely12.cicely.de>

I think the original author expressed the following concern:

- without the GBDE, a failure to write meta-data for a file (say,
  'atime' for /etc/passwd) will not result in an unusable system.
  Whether it was written or not does not matter much: either way, the
  links to actual file blocks remain intact, and the file itself is
  preserved.

- with the GBDE, updating atime on /etc/passwd could result in a
  mismatch between the key to a certain sector (containing the inode
  for /etc/passwd) and the sector itself. This way, one won't be able
  to decrypt the sector and all information in that sector (including
  the pointers to file blocks) is lost.

Regards,
Alexey.

On Thursday 03 March 2005 15:04, Bernd Walter wrote:
> On Thu, Mar 03, 2005 at 01:30:15AM +0100, Poul-Henning Kamp wrote:
> > In message <20050302162928.0916237012@arioch.imrryr.org>, Roland Dowdeswell writes:
> >
> > >Let's discuss a simple example and see how it works. Let's walk
> > >through a user login, with /etc/passwd on GBDE and the filesystem
> > >mounted with mtime.
> >
> > These days, on the majority of low cost disks used in enduser
> > configurations you risk looking an entire track if the disk were
> > writing when you pulled power. (People complain about this, but
> > doesn't seem to be willing to pay to avoid it.)
>
> No matter what disk you take - writes never have been atomic.
> The major difference I see is that you get a read error back in
> the disk failure case, while such a crypto failure produces more or
> less random data without any error.
> Mounting unclean filesystems rw for bg_fsck can be considered
> dangerous with such unexpected data corruption.
> And how would you know that a restore from backup is required for
> a damaged file?
>
> --
> B.Walter    BWCT    http://www.bwct.de
> bernd@bwct.de    info@bwct.de
>

--
We are intelligent and clever, though you would never call us cunning.
    -- Spathi, SC2
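
The failure mode discussed in this message, as an added example that is not part of the original e-mail and not GBDE's code: a toy model in which a sector's key and its ciphertext are written separately, so a power loss between the two writes leaves them mismatched. `ToySectorStore`, the SHA-256 keystream cipher, the fresh key per write and the HMAC tag used for detection are assumptions made for illustration.

```python
import hashlib
import hmac
import os

def _stream_xor(key: bytes, data: bytes) -> bytes:
    """Stand-in cipher (SHA-256 counter keystream); not GBDE's real cipher."""
    stream = b"".join(hashlib.sha256(key + i.to_bytes(4, "big")).digest()
                      for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, stream))

class ToySectorStore:
    """One logical sector backed by two physical writes: key, then data."""

    def __init__(self, plaintext: bytes):
        self.key = os.urandom(16)
        self._store_data(plaintext)

    def _store_data(self, plaintext: bytes) -> None:
        self.data = _stream_xor(self.key, plaintext)
        # Hypothetical integrity tag kept next to the ciphertext.
        self.tag = hmac.new(self.key, self.data, hashlib.sha256).digest()

    def write(self, plaintext: bytes, power_lost_between_writes: bool = False) -> None:
        self.key = os.urandom(16)           # first write: fresh sector key
        if power_lost_between_writes:
            return                          # second write never reaches the disk
        self._store_data(plaintext)

    def read(self) -> bytes:
        """Plain decrypt: always 'succeeds', even with a mismatched key."""
        return _stream_xor(self.key, self.data)

    def read_checked(self) -> bytes:
        """Decrypt only if the tag matches the current key and ciphertext."""
        expected = hmac.new(self.key, self.data, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, self.tag):
            raise IOError("sector key does not match sector data")
        return self.read()

def demo():
    old_inode = b"inode: atime=1000 blocks=[17, 18, 19]"   # constructed sample
    new_inode = b"inode: atime=2000 blocks=[17, 18, 19]"
    store = ToySectorStore(old_inode)
    store.write(new_inode, power_lost_between_writes=True)
    silent = store.read()                   # random-looking bytes, no error raised
    try:
        store.read_checked()
        detected = False
    except IOError:
        detected = True
    return old_inode, silent, detected
```

In the torn-write case `read()` returns bytes that match neither the old nor the new inode, while `read_checked()` turns the same condition into an I/O error that a caller can act on.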