From owner-freebsd-hackers  Tue Aug 24  6:44:51 1999
Delivered-To: freebsd-hackers@freebsd.org
Received: from orchard.arlington.ma.us (orchard.epilogue.com [128.224.138.4])
	by hub.freebsd.org (Postfix) with ESMTP id 18BD415162
	for <freebsd-hackers@FreeBSD.ORG>; Tue, 24 Aug 1999 06:44:47 -0700 (PDT)
	(envelope-from sommerfeld@orchard.arlington.ma.us)
Received: from orchard.arlington.ma.us (localhost [[UNIX: localhost]])
	by orchard.arlington.ma.us (8.8.8/1.34) with ESMTP id NAA14008;
	Tue, 24 Aug 1999 13:42:27 GMT
Message-Id: <199908241342.NAA14008@orchard.arlington.ma.us>
To: Manuel Bouyer <bouyer@antioche.lip6.fr>
Cc: Wolfgang Solfrank <ws@tools.de>, freebsd-hackers@FreeBSD.ORG,
	tech-userlevel@netbsd.org, tech-kern@netbsd.org
Subject: Re: Need some advice regarding portable user IDs 
In-Reply-To: Message from Manuel Bouyer <bouyer@antioche.lip6.fr> 
   of "Tue, 24 Aug 1999 15:06:52 +0200." <19990824150652.A4107@antioche.lip6.fr> 
Date: Tue, 24 Aug 1999 09:42:27 -0400
From: Bill Sommerfeld <sommerfeld@orchard.arlington.ma.us>
Sender: owner-freebsd-hackers@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

> Solving this is not trivial, I don't think changing the panic() to
> return(appropriate_error_code) is the rigth thing to do, in some case
> you want to panic if a filesystem gets corrupted. 

Indeed, from an overall system robustness perspective, a panic,
reboot, and salvage is, in general, preferable to a forced-unmount of
/ or /usr leading to the system becoming useless..  This isn't
necessarily going to be the case for other filesystems, but still, it
would require manual intervention to recover from.

This problem has been dealt with in various ways in other systems in
the past.  

My understanding is that under some circumstances, Multics would
automatically invoke an on-line incremental salvager when corruption
was detected; however, this can also be dangerous -- several multics
security holes (which were all eventually closed) involved tricking
the directory salvager in various ways...  one of these involved a
quoting error in the script which invoked the salvager so that you
could embed a ";" followed by a command in the name of the directory
to be salvaged...

						- Bill


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message