From: Alexey Neyman
Organization: Auriga
To: ticso@cicely.de
Cc: hackers@freebsd.org
Date: Thu, 3 Mar 2005 15:21:03 +0300
Subject: Re: FUD about CGD and GBDE
List-Id: Technical Discussions relating to FreeBSD

I think the original author expressed the following concern:

- without the GBDE, a failure to write meta-data for a file (say, 'atime' for /etc/passwd) will not result in an unusable system. Whether it was written or not does not matter much: either way, the links to actual file blocks remain intact, and the file itself is preserved.
- with the GBDE, updating atime on /etc/passwd could result in a mismatch between the key to a certain sector (containing the inode for /etc/passwd) and the sector itself. This way, one won't be able to decrypt the sector and all information in that sector (including the pointers to file blocks) is lost.

Regards,
Alexey.

On Thursday 03 March 2005 15:04, Bernd Walter wrote:
> On Thu, Mar 03, 2005 at 01:30:15AM +0100, Poul-Henning Kamp wrote:
> > In message <20050302162928.0916237012@arioch.imrryr.org>, Roland Dowdeswell writes:
> >
> > >Let's discuss a simple example and see how it works. Let's walk
> > >through a user login, with /etc/passwd on GBDE and the filesystem
> > >mounted with mtime.
> >
> > These days, on the majority of low cost disks used in enduser
> > configurations you risk losing an entire track if the disk were
> > writing when you pulled power. (People complain about this, but
> > don't seem to be willing to pay to avoid it.)
>
> No matter what disk you take - writes never have been atomic.
> The major difference I see is that you get a read error back in
> the disk failure case, while such a crypto failure produces more or
> less random data without any error.
> Mounting unclean filesystems rw for bg_fsck can be considered
> dangerous with such unexpected data corruption.
> And how would you know that a restore from backup is required for
> a damaged file?
>
> --
> B.Walter BWCT http://www.bwct.de
> bernd@bwct.de info@bwct.de

--
We are intelligent and clever, though you would never call us cunning.
        -- Spathi, SC2
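
The failure mode discussed in this message, as an added toy model (not part of the original thread and not GBDE code): every sector write stores a fresh per-sector key separately from the ciphertext, and power is lost between the two writes. The fresh-key-per-write behaviour is a model assumption, the cipher is a SHA-256 keystream stand-in, and all names and inode values are constructed.

```python
import hashlib
import os

def xor_stream(key: bytes, data: bytes) -> bytes:
    """Toy stream cipher (SHA-256 keystream); a stand-in, not GBDE's real cipher."""
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hashlib.sha256(key + off.to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[off:off + 32], pad))
    return bytes(out)

class ToyKeyedDisk:
    """Each logical sector has ciphertext plus a separately stored sector key."""
    def __init__(self):
        self.keys, self.data = {}, {}

    def write(self, n, plaintext, key_first=False, crash_between=False):
        key = os.urandom(16)                  # fresh key per write (model assumption)
        steps = [lambda: self.data.__setitem__(n, xor_stream(key, plaintext)),
                 lambda: self.keys.__setitem__(n, key)]
        if key_first:
            steps.reverse()
        steps[0]()
        if not crash_between:                 # power loss skips the second write
            steps[1]()

    def read(self, n):
        # No integrity check: a key/data mismatch still "decrypts", to noise.
        return xor_stream(self.keys[n], self.data[n])

def make_inode(atime: int) -> bytes:
    """Constructed 64-byte 'inode': atime followed by block pointers 100..106."""
    ptrs = b"".join(p.to_bytes(8, "big") for p in range(100, 107))
    return atime.to_bytes(8, "big") + ptrs

def torn_atime_update(key_first: bool) -> dict:
    """Write an inode, then crash midway through an atime-only update."""
    old, new = make_inode(1109800000), make_inode(1109851263)
    disk = ToyKeyedDisk()
    disk.write(0, old)
    disk.write(0, new, key_first=key_first, crash_between=True)
    got = disk.read(0)                        # returns bytes, raises nothing
    return {"is_old": got == old, "is_new": got == new,
            "pointers_intact": got[8:] == old[8:]}

if __name__ == "__main__":
    for order in (False, True):
        print("key written first:" if order else "data written first:",
              torn_atime_update(order))
```

Whichever of the two writes lands first, the read returns neither the old nor the new inode and reports no error, so the block pointers are gone even though only atime was being changed.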