On Sat, 18 Oct 2003 23:36, Goswin von Brederlow wrote:
> Michael Stone <[EMAIL PROTECTED]> writes:
> > A quiescent filesystem isn't going to be corrupted in a system crash.
> > You need to have metadata inconsistencies caused by filesystem activity
> > before you can get corruption.
>
> Which you get from time to time due to programs opening files
> read-write when possible, mtime and atime updates etc.

Opening a file read-write does not necessarily imply actually writing to it.

Programs that open read-write when they don't need to are broken, and they are 
actively being tracked down and fixed.  Such programs get logged in the 
kernel message log in SE Linux and it's easy to track them down and fix them.

As for atime, the -onoatime mount option takes care of it.  I mount lots of 
file systems with noatime just to improve performance.  One machine that I 
inspected had no writes to its root file system during normal operations 
after noatime was installed.


Anyway perhaps we should get a new mailing list debian-security-de for the 
German meaning of security.  Then the rest of us can discuss crypto, MAC, and 
other things that match the English meaning of the word.

-- 
http://www.coker.com.au/selinux/   My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/  Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/    Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/  My home page
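
Added example, not part of the original message: a Python sketch of the two checks discussed above, finding writable mounts that still update atime and spotting file descriptors opened with write access. It assumes the Linux /proc/mounts and /proc/<pid>/fdinfo text layouts; the sample data and function names are constructed for illustration.

```python
# Constructed sample in /proc/mounts format (not taken from the original post).
SAMPLE_MOUNTS = """\
/dev/hda1 / ext3 rw,noatime 0 0
/dev/hda2 /var ext3 rw 0 0
/dev/hda3 /usr ext3 ro 0 0
/dev/hda5 /home ext3 rw,relatime 0 0
proc /proc proc rw 0 0
"""

# Constructed /proc/<pid>/fdinfo/<fd> contents; the flags field is octal.
SAMPLE_FDINFO = {
    "reader": "pos:\t0\nflags:\t0100000\nmnt_id:\t25\n",   # O_RDONLY
    "logger": "pos:\t512\nflags:\t0100002\nmnt_id:\t25\n",  # O_RDWR
}

# Pseudo file systems have no on-disk metadata to keep consistent.
PSEUDO_FS = {"proc", "sysfs", "tmpfs", "devpts", "devtmpfs", "cgroup2"}

# Linux access-mode values: O_RDONLY=0, O_WRONLY=1, O_RDWR=2, mask=3.
O_ACCMODE, O_WRONLY, O_RDWR = 0o3, 0o1, 0o2


def atime_writers(mounts_text):
    """Return writable mount points that lack noatime.

    relatime mounts are reported too: they still write atime in some cases.
    """
    hits = []
    for line in mounts_text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[2] in PSEUDO_FS:
            continue
        opts = set(fields[3].split(","))
        if "rw" in opts and "noatime" not in opts:
            hits.append(fields[1])
    return hits


def opened_for_write(fdinfo_text):
    """True if the fdinfo entry shows the file was opened O_WRONLY or O_RDWR."""
    for line in fdinfo_text.splitlines():
        if line.startswith("flags:"):
            flags = int(line.split()[1], 8)
            return (flags & O_ACCMODE) in (O_WRONLY, O_RDWR)
    return False


if __name__ == "__main__":
    print("rw mounts without noatime:", atime_writers(SAMPLE_MOUNTS))
    for name, text in SAMPLE_FDINFO.items():
        print(name, "opened for write:", opened_for_write(text))
```

On a live system the same functions can be fed the contents of /proc/mounts and of each /proc/<pid>/fdinfo/<fd> file that the invoking user is allowed to read.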

