>Then I don't see how SMF/SQLite can protect itself. I mean, the
>contents of /etc/inet/hosts on my laptop had been *completely* replaced
>with some other file's content (I forget which). I wonder if the fact
>that the system came up without forcing single-user mode (to manually
>fsck /) had anything to do with that.

But of course it can! It's just not easy. There are system calls which allow you to ask UFS for a guarantee; you will need to go from one such state to the next with judicious use of the appropriate system calls. But that is not easy. ZFS is much better in that respect because it is transactional itself. Only once fsync() has returned the transaction is complete and you must guard yourself against all intermediate states.

>Again, the config file wouldn't go away; the purpose of this proposal is
>to make it easier to set up new instances that differ very little from
>the default instance, not to completely change how sshd is configured.

Is that really that simple? A lot of sshd's config is considered rooted in /etc/ssh. What bits would you replace and what bits would be pertinent to the ssh clients (of which there would be only one class)?

Casper
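
An added example, not part of the original message: one common way to move a configuration file from one guaranteed state to the next using fsync(). The write-to-temporary-then-rename() pattern, the function name `atomic_replace` and the use of fsync() on a directory descriptor are assumptions of this example; the message itself names only fsync().

```c
#define _XOPEN_SOURCE 700
#include <errno.h>
#include <fcntl.h>
#include <libgen.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Write all of buf, retrying short writes and EINTR. */
static int write_all(int fd, const char *buf, size_t len) {
    while (len > 0) {
        ssize_t n = write(fd, buf, len);
        if (n < 0) { if (errno == EINTR) continue; return -1; }
        buf += n; len -= (size_t)n;
    }
    return 0;
}

/* Replace the file at path with text so that a crash leaves either the
 * complete old content or the complete new content under that name.
 * Returns 0 once the new content is durable, -1 otherwise.
 * Hypothetical helper; the temp file keeps mkstemp()'s 0600 mode, so
 * fchmod() it to the original's mode for a world-readable file. */
int atomic_replace(const char *path, const char *text) {
    char tmp[PATH_MAX], dir[PATH_MAX];
    if (snprintf(tmp, sizeof tmp, "%s.tmp.XXXXXX", path) >= (int)sizeof tmp) return -1;
    if (snprintf(dir, sizeof dir, "%s", path) >= (int)sizeof dir) return -1;

    int fd = mkstemp(tmp);                  /* state 1: old file untouched */
    if (fd < 0) return -1;
    if (write_all(fd, text, strlen(text)) != 0 || fsync(fd) != 0) {
        close(fd); unlink(tmp); return -1;  /* new data never became durable */
    }                                       /* state 2: new data on disk, unnamed */
    if (close(fd) != 0 || rename(tmp, path) != 0) {
        unlink(tmp); return -1;
    }                                       /* state 3: name switched atomically */
    int dfd = open(dirname(dir), O_RDONLY); /* assumes fsync() works on a directory fd */
    if (dfd < 0) return -1;
    int rc = fsync(dfd);                    /* state 4: directory entry durable */
    close(dfd);
    return rc;
}
```
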