From: Dave Chinner <david@fromorbit.com>
To: Andreas Dilger <adilger@dilger.ca>
Cc: Omar Sandoval <osandov@osandov.com>,
linux-fsdevel <linux-fsdevel@vger.kernel.org>,
Al Viro <viro@zeniv.linux.org.uk>,
kernel-team@fb.com, Linux API <linux-api@vger.kernel.org>,
linux-btrfs <linux-btrfs@vger.kernel.org>,
linux-ext4@vger.kernel.org,
linux-f2fs-devel@lists.sourceforge.net,
linux-xfs@vger.kernel.org, Theodore Ts'o <tytso@mit.edu>,
Jaegeuk Kim <jaegeuk@kernel.org>,
Steve French <sfrench@samba.org>
Subject: Re: [RFC PATCH 0/6] Allow setting file birth time with utimensat()
Date: Tue, 19 Feb 2019 09:18:20 +1100 [thread overview]
Message-ID: <20190218221820.GF14116@dastard> (raw)
In-Reply-To: <72A04438-5991-4A60-8AAB-021A41DE6711@dilger.ca>
On Sat, Feb 16, 2019 at 06:57:45PM -0700, Andreas Dilger wrote:
> While it may be a bit of a stretch to call this "forensic evidence", making
We do forensic analysis of corrupt filesystems looking for evidence
of what went wrong, not just looking for evidence of what happened
on systems that have been broken into.
> it hard to change from except via total root compromise by a skilled hacker
> is very useful.
*nod*.
> If this were to go in (which I'm not in favour of), then there would need to
> be a CONFIG and/or runtime knob to turn it off (or better to only turn it on),
> similar to how FIPS and other security options can only go in one direction.
The problem here is that "inode birth time" is being conflated with
"user document creation time". These two things are very different.
i.e. One is filesystem internal information and is not related to
when the original copy of the data in the file was created, the
other is user specified metadata that is related to the file data
contents and needs to travel with the data, not the filesystem.
IMO, trying to make one on-disk field hold two different types of
information defeats one or the other purpose, and nobody knows which
one the field stores for any given file.
I'd suggest that "authored date" should be a generic system xattr so
most filesystems support it, not just those that have a birth time
field on disk. Sure, modify it through utimesat() and expose it
through statx() (as authored time, not birth time), but store it a
system xattr rather than an internal filesystem metadata field that
requires was never intended to be user modifiable.
Cheers,
Dave.
--
Dave Chinner
david@fromorbit.com
next prev parent reply other threads:[~2019-02-18 22:18 UTC|newest]
Thread overview: 29+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-02-14 10:00 [RFC PATCH 0/6] Allow setting file birth time with utimensat() Omar Sandoval
2019-02-14 10:00 ` [RFC PATCH 1/6] fs: add btime to struct iattr Omar Sandoval
2019-02-14 10:00 ` [RFC PATCH 2/6] fs: add AT_UTIME_BTIME for utimensat() Omar Sandoval
2019-02-14 10:00 ` [RFC PATCH 3/6] Btrfs: add support for setting btime Omar Sandoval
2019-02-14 10:00 ` [RFC PATCH 4/6] ext4: " Omar Sandoval
2019-02-14 10:00 ` [RFC PATCH 5/6] f2fs: " Omar Sandoval
2019-02-14 10:00 ` [RFC PATCH 6/6] xfs: " Omar Sandoval
2019-02-14 10:00 ` [PATCH] generic: add a test for AT_UTIME_BTIME Omar Sandoval
2019-02-14 10:00 ` [PATCH] utimensat2: document AT_UTIME_BTIME Omar Sandoval
2019-02-14 10:00 ` [PATCH] xfs_io: add AT_UTIME_BTIME support Omar Sandoval
2019-02-14 22:06 ` [RFC PATCH 0/6] Allow setting file birth time with utimensat() Dave Chinner
2019-02-14 23:14 ` Omar Sandoval
2019-02-15 0:16 ` Dave Chinner
2019-02-15 6:59 ` Omar Sandoval
2019-02-15 13:57 ` David Disseldorp
2019-02-17 1:57 ` Andreas Dilger
2019-02-18 22:18 ` Dave Chinner [this message]
2019-02-22 19:00 ` Omar Sandoval
2019-02-23 18:32 ` Andreas Dilger
2019-02-17 16:35 ` Boaz Harrosh
2019-02-17 17:54 ` Adam Borowski
2019-02-17 20:40 ` Andy Lutomirski
2019-02-19 4:04 ` Matthew Wilcox
2019-02-19 4:28 ` Dave Chinner
2019-02-20 7:47 ` Andreas Dilger
2019-02-15 1:57 ` Hans van Kranenburg
2019-02-15 5:39 ` Omar Sandoval
2019-02-15 18:25 ` Hans van Kranenburg
2019-02-22 15:02 ` David Sterba
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20190218221820.GF14116@dastard \
--to=david@fromorbit.com \
--cc=adilger@dilger.ca \
--cc=jaegeuk@kernel.org \
--cc=kernel-team@fb.com \
--cc=linux-api@vger.kernel.org \
--cc=linux-btrfs@vger.kernel.org \
--cc=linux-ext4@vger.kernel.org \
--cc=linux-f2fs-devel@lists.sourceforge.net \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-xfs@vger.kernel.org \
--cc=osandov@osandov.com \
--cc=sfrench@samba.org \
--cc=tytso@mit.edu \
--cc=viro@zeniv.linux.org.uk \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).