Date:      Tue, 24 Aug 1999 09:42:27 -0400
From:      Bill Sommerfeld <sommerfeld@orchard.arlington.ma.us>
To:        Manuel Bouyer <bouyer@antioche.lip6.fr>
Cc:        Wolfgang Solfrank <ws@tools.de>, freebsd-hackers@FreeBSD.ORG, tech-userlevel@netbsd.org, tech-kern@netbsd.org
Subject:   Re: Need some advice regarding portable user IDs 
Message-ID:  <199908241342.NAA14008@orchard.arlington.ma.us>
In-Reply-To: Message from Manuel Bouyer <bouyer@antioche.lip6.fr>  of "Tue, 24 Aug 1999 15:06:52 +0200." <19990824150652.A4107@antioche.lip6.fr>

> Solving this is not trivial, I don't think changing the panic() to
> return(appropriate_error_code) is the right thing to do, in some cases
> you want to panic if a filesystem gets corrupted.

Indeed, from an overall system robustness perspective, a panic,
reboot, and salvage is, in general, preferable to a forced-unmount of
/ or /usr leading to the system becoming useless.  This isn't
necessarily going to be the case for other filesystems, but still, it
would require manual intervention to recover from.

This problem has been dealt with in various ways in other systems in
the past.  

My understanding is that under some circumstances, Multics would
automatically invoke an on-line incremental salvager when corruption
was detected; however, this can also be dangerous -- several Multics
security holes (which were all eventually closed) involved tricking
the directory salvager in various ways...  one of these involved a
quoting error in the script which invoked the salvager so that you
could embed a ";" followed by a command in the name of the directory
to be salvaged...

						- Bill

