From owner-freebsd-security@FreeBSD.ORG  Wed Jan 14 13:56:30 2004
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id D966B16A4CE
	for <freebsd-security@FreeBSD.ORG>;
	Wed, 14 Jan 2004 13:56:30 -0800 (PST)
Received: from khavrinen.lcs.mit.edu (khavrinen.lcs.mit.edu [18.24.4.193])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 6AD1143D69
	for <freebsd-security@FreeBSD.ORG>;
	Wed, 14 Jan 2004 13:56:27 -0800 (PST)
	(envelope-from wollman@khavrinen.lcs.mit.edu)
Received: from khavrinen.lcs.mit.edu (localhost.nic.fr [IPv6:::1])
	by khavrinen.lcs.mit.edu (8.12.9/8.12.9) with ESMTP id i0ELuPDa018031
	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256
	verify=OK CN=khavrinen.lcs.mit.edu issuer=SSL+20Client+20CA);
	Wed, 14 Jan 2004 16:56:26 -0500 (EST)
	(envelope-from wollman@khavrinen.lcs.mit.edu)
Received: (from wollman@localhost)
	by khavrinen.lcs.mit.edu (8.12.9/8.12.9/Submit) id i0ELuPTE018028;
	Wed, 14 Jan 2004 16:56:25 -0500 (EST)
	(envelope-from wollman)
Date: Wed, 14 Jan 2004 16:56:25 -0500 (EST)
From: Garrett Wollman <wollman@khavrinen.lcs.mit.edu>
Message-Id: <200401142156.i0ELuPTE018028@khavrinen.lcs.mit.edu>
To: hawkeyd@visi.com
In-Reply-To: <20040114134215.GA21307@sheol.localdomain>
References: <20040114134215.GA21307@sheol.localdomain>
X-Spam-Score: -9.9 () IN_REP_TO,REFERENCES
X-Scanned-By: MIMEDefang 2.37
X-Mailman-Approved-At: Thu, 15 Jan 2004 02:56:02 -0800
cc: security at FreeBSD <freebsd-security@FreeBSD.ORG>
Subject: mtree vs tripwire
X-BeenThere: freebsd-security@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Security issues [members-only posting]
	<freebsd-security.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-security>,
	<mailto:freebsd-security-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-security>
List-Post: <mailto:freebsd-security@freebsd.org>
List-Help: <mailto:freebsd-security-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-security>,
	<mailto:freebsd-security-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 14 Jan 2004 21:56:31 -0000

<<On Wed, 14 Jan 2004 07:42:15 -0600, D J Hawkey Jr <hawkeyd@visi.com> said:

> What sort of pitfalls should I be aware of?

mtree files don't scale very well, and to make proper use of them for
this purpose requires a great deal more thought.  Tripwire is a bit
more "pre-thunk", and uses a database instead of a flat file, which
speeds updates.  (With mtree you'd have to rescan the entire
filesystem.)

-GAWollman