Date: Sat, 17 Apr 1999 18:03:39 -0700 From: Mike Smith <mike@smith.net.au> To: Greg Black <gjb-freebsd@gba.oz.au> Cc: Matthew Dillon <dillon@apollo.backplane.com>, "Andrew J. Korty" <ajk@purdue.edu>, freebsd-hackers@FreeBSD.ORG Subject: Re: Entombing for FreeBSD Message-ID: <199904180103.SAA00742@dingo.cdrom.com> In-Reply-To: Your message of "Sat, 17 Apr 1999 21:52:14 %2B1000." <19990417115214.23043.qmail@alice.gba.oz.au>
next in thread | previous in thread | raw e-mail | index | archive | help
> Matthew Dillon writes: > > > I've been thinking about this enombing thing... well, I hate to say it, > > but crowbaring into libc is *not* the right way to do it. It's > > just too intrusive. The right way to do it would be to write a device > > driver similar to NULLFS which handles backing up the files, thus giving > > the sysad the option to use such a device to mount-through those partitions > > that the sysad wants to keep checkpointed. Also, putting such intrusive > > code into libc would be fairly dangreous from a security point of view > > even if it is turned off. > > I am completely in agreement with this. It's not something for > libc and it needs to be kept at arm's length from everything > else if it's ever to be part of the core of FreeBSD. You might want to think about how LD_PRELOAD works. You could trivially add entombing support simply by specifying your libentomb.so which overlays the libc functionality for those users that might want it. Then you just need to deal with static binaries like /bin/rm. 8) -- \\ Sometimes you're ahead, \\ Mike Smith \\ sometimes you're behind. \\ mike@smith.net.au \\ The race is long, and in the \\ msmith@freebsd.org \\ end it's only with yourself. \\ msmith@cdrom.com To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199904180103.SAA00742>