"Ted Unangst" <[EMAIL PROTECTED]> writes:

> On 6/18/06, Pablo Marín Ramón <[EMAIL PROTECTED]> wrote:
> > Let's suppose block A contains user A's private data. User A
> > deletes the file, so synchronously the metadata referring to that
> > file is updated, but the data block still contains the sensitive
> > information. Now user B creates a new file B. Let's suppose the
> > data block allocated for file B is block A. The right thing to do
> > in terms of security is first update block A with the new data,
> > and then update the metadata referring to it. But if metadata
> > is updated synchronously first (the free block bitmap says that
> > block A is allocated and the inode of file B points to it) and
> > the system crashes, user B has access to user A's private data.
> > In this case (asynchronous data block updates), fsck cannot fix
> > the problem (if I'm missing something, please correct me).
>
> yes, in the case of ffs without softupdates, i believe it is possible
> to read from a previously allocated block. since everybody should be
> using softupdates, this shouldn't be much of a real problem.

softupdates are not present by default, so I assume that the OpenBSD
team thinks that not using softupdates is better. I can't find any
recent threads talking about that, so is softupdate better for
security/integrity? (because it seems better for performance)

--
Guillaume Pinot               http://wwwetu.utc.fr/~pinotgui/

"Love is like the number Pi. Natural, irrational and very important."
-- Lisa Hoffman

()  ASCII ribbon campaign -- against HTML mail
/\  Against Microsoft attachments
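
The crash scenario from the quoted post, as an added example that is not part of the original thread: a toy model that replays the three disk writes of a file create in a given order and crashes after each one, to see when user B can read user A's old block. It is not FFS or softupdates code; `Disk`, `create`, `delete`, `scenario`, `leaks`, the file names and the block number are all hypothetical.

```python
# Toy model (constructed for illustration; not FFS or softupdates code).
SECRET = b"user A private data"

# Orders in which the three disk writes for a new one-block file reach the disk.
METADATA_FIRST = ("bitmap", "inode", "data")  # ordering the quoted post warns about
DATA_FIRST = ("data", "bitmap", "inode")      # ordering the post calls the right thing

class Disk:
    """State that survives a crash: data blocks, free-block bitmap, inodes."""
    def __init__(self, nblocks):
        self.blocks = [b""] * nblocks
        self.bitmap = [False] * nblocks
        self.inodes = {}  # file name -> block number

def create(disk, name, data, blk, order, crash_after=None):
    """Apply the writes in `order`; stop after `crash_after` of them (a crash)."""
    for done, step in enumerate(order):
        if crash_after is not None and done >= crash_after:
            return
        if step == "bitmap":
            disk.bitmap[blk] = True
        elif step == "inode":
            disk.inodes[name] = blk
        else:
            disk.blocks[blk] = data

def delete(disk, name):
    """Metadata-only delete: the block is freed but keeps its old contents."""
    disk.bitmap[disk.inodes.pop(name)] = False

def scenario(order, crash_after):
    """User A writes and deletes a file; user B's create reuses block 2 and crashes."""
    disk = Disk(4)
    create(disk, "a.txt", SECRET, 2, METADATA_FIRST)
    delete(disk, "a.txt")
    create(disk, "b.txt", b"user B data", 2, order, crash_after)
    blk = disk.inodes.get("b.txt")  # what user B can read after reboot
    return None if blk is None else disk.blocks[blk]

def leaks(order):
    """Crash points (number of completed writes) at which B reads A's data."""
    return [n for n in range(len(order) + 1) if scenario(order, n) == SECRET]

if __name__ == "__main__":
    print("metadata first:", leaks(METADATA_FIRST))
    print("data first:    ", leaks(DATA_FIRST))
```

In this model the only leaking crash point is the one between the inode write and the data write of the metadata-first order; the data-first order has none.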

