There are many security and privacy holes in venti's design that should be fixed. Anyone with access to a venti system has, in essence, full permissions to all data in every file system stored in the system. The only current practical mitigation is to simply prevent access to the venti in the first place, and only expose a file system on top of it, such as fossil, but this can greatly reduce the benefits of venti's deduplication.
Trying to do security in venti feels like it would be ripe for timing attacks - if we have security+global deduplication.

Ex: User 1 has a block written containing, you know, something we want to see if the user has. User 2 (the bad guy) writes an identical block, and it returns very quickly because no write was performed. User 2 now knows the block exists on the system prior to them writing it.

I don't see how you can really do security with Venti, it seems like each user does need access to the whole system. Which I guess is why Fossil did all of the heavy lifting.

Interesting stuff regardless, I am following along for fun.

Relatedly (not really) is ZFS's deduplication: https://despairlabs.com/blog/posts/2024-10-27-openzfs-dedup-is-good-dont-use-it/

Thanks,
Calvin

------------------------------------------
9fans: 9fans
Permalink: https://9fans.topicbox.com/groups/9fans/T4d8ba4236feb5d92-M36ee6e6fa151248a40e2949f
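A toy model of the trade-off raised in this thread, added here as an illustration and not code from venti or from either poster: a store with one shared block index reveals whether a block already existed, while per-user keyed scores hide that at the cost of cross-user deduplication. The class names, the `wrote` flag standing in for the write latency a client could observe, and the per-user keys are all assumptions of this sketch.

```python
import hashlib
import hmac


class GlobalDedupStore:
    """Toy content-addressed store with one block index shared by all users."""

    def __init__(self):
        self.blocks = {}
        self.disk_writes = 0

    def score(self, user, data):
        # Score depends only on content, so identical blocks collide across users.
        return hashlib.sha1(data).digest()

    def write(self, user, data):
        s = self.score(user, data)
        wrote = s not in self.blocks
        if wrote:  # slow path: the block actually goes to disk
            self.blocks[s] = data
            self.disk_writes += 1
        # 'wrote' models what response time reveals: fast reply == block existed.
        return s, wrote


class PerUserStore(GlobalDedupStore):
    """Same store, but scores are keyed per user (hypothetical mitigation)."""

    def __init__(self, user_keys):
        super().__init__()
        self.user_keys = user_keys

    def score(self, user, data):
        # HMAC with a per-user key: the same content gives unrelated scores
        # for different users, so one user's write never hits another's block.
        return hmac.new(self.user_keys[user], data, hashlib.sha1).digest()


def probe(store, block=b"constructed sample block"):
    """user1 stores a block, then user2 writes the same bytes.

    Returns (user2_took_slow_path, total_disk_writes).
    """
    store.write("user1", block)
    _, wrote = store.write("user2", block)
    return wrote, store.disk_writes


KEYS = {"user1": b"k1-constructed", "user2": b"k2-constructed"}  # sample keys
# probe(GlobalDedupStore())  -> (False, 1): one copy stored, existence leaked
# probe(PerUserStore(KEYS))  -> (True, 2):  no leak, but two copies stored
```

Within a single user the keyed store still deduplicates; only sharing across users is given up.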
