lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20190217175450.psaesabv3vlzvjv4@angband.pl>
Date:   Sun, 17 Feb 2019 18:54:50 +0100
From:   Adam Borowski <kilobyte@...band.pl>
To:     Boaz Harrosh <openosd@...il.com>
Cc:     Dave Chinner <david@...morbit.com>,
        Omar Sandoval <osandov@...ndov.com>,
        linux-fsdevel@...r.kernel.org, Al Viro <viro@...iv.linux.org.uk>,
        kernel-team@...com, linux-api@...r.kernel.org,
        linux-btrfs@...r.kernel.org, linux-ext4@...r.kernel.org,
        linux-f2fs-devel@...ts.sourceforge.net, linux-xfs@...r.kernel.org
Subject: Re: [RFC PATCH 0/6] Allow setting file birth time with utimensat()

On Sun, Feb 17, 2019 at 06:35:25PM +0200, Boaz Harrosh wrote:
> On 15/02/19 00:06, Dave Chinner wrote:
> > So you're adding an interface that allows users to change the create
> > time of files without needing any privileges?

> > Inode create time is forensic metadata in XFS  - information we use
> > for sequence of event and inode lifetime analysis during examination
> > of broken filesystem images and systems that have been broken into.

> I think the difference in opinion here is that there are two totally
> different BTIme out in the world. For two somewhat opposite motivations
> and it seems they both try to be crammed into the same on disk space.
> 
> One - Author creation time
> Two - Local creation time

> So it looks like both sides are correct trying to preserve their own guy?

I'd say that [2] is too easily gameable to be worth the effort.  You can
just change it on the disk.  That right now it'd take some skill to find the
right place to edit doesn't matter -- a tool to update the btime against
your wishes would need to be written just once.  Unlike btrfs, XFS doesn't
even have a chain of checksums all the way to the root.

On the other hand, [1] has a lot of uses.  It can also be preserved in
backups and version control (svnt and git-restore-mtime could be easily
extended).

I'd thus go with [2] -- any uses for [1] are better delegated to filesystem
specific tools.


Meow!
-- 
⢀⣴⠾⠻⢶⣦⠀
⣾⠁⢠⠒⠀⣿⡁
⢿⡄⠘⠷⠚⠋⠀ Have you accepted Khorne as your lord and saviour?
⠈⠳⣄⠀⠀⠀⠀

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ