Subject: Puzzling questions about FFS
To: None <kim@dde.dk>
From: Gordon W. Ross <gwr@jericho.mc.com>
List: tech-kern
Date: 10/28/1994 17:06:07
> From: kim@dde.dk (Kim Andersen)
> Date: Fri, 28 Oct 94 17:58:51 DNT

> There's a never ending discussion going on in comp.os.linux.development
> regarding problems and virtues of Linux's ext2fs filesystem and FFS.
> 
> One of the things that keeps surfacing is that the synchronous writes of
> inodes are wrong, and could lead to security failures.
> 
> As I haven't studied the code in either file system too closely, I would like
> someone to comment on the validity of the statements.
> 
> It was written in one article:
> >As someone pointed out, the only way to ensure file system integrity is to
> >write out first data blocks, then indirect blocks and then the inode. FFS
> >does the opposite which is at best useless, at worst wrong.

The write order of these objects for "file system hardening" must
avoid the possibility that fsck might find a "dangling reference".
For example, if one writes an inode before the data blocks that
it points to, and then power fails, the fsck will find an inode
that points to data blocks containing garbage.  If you write in
the opposite order, you are assured that inodes never point at
garbage.

Gordon Ross
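
The ordering argument in the reply above, as an added example that is not part of the original message: a toy model that cuts power after every prefix of a write sequence and runs an fsck-like check for inode pointers that reference unwritten blocks. The structure, names, and three-block file are assumptions made for illustration; this is not FFS or ext2fs code.

```c
/* Added illustration: toy "disk" with one inode and NBLK data blocks.
   All names are hypothetical; this is not FFS or ext2fs code. */
#include <stdio.h>
#include <string.h>

#define NBLK 3
enum { W_DATA0, W_DATA1, W_DATA2, W_INODE };   /* one disk write per step */

struct disk {
    int block_valid[NBLK];  /* 1 once the file's data has reached the block */
    int inode_ptr[NBLK];    /* 1 if the on-disk inode references the block */
};

/* Constructed write sequences for the two orderings under discussion. */
static const int INODE_FIRST[] = { W_INODE, W_DATA0, W_DATA1, W_DATA2 };
static const int DATA_FIRST[]  = { W_DATA0, W_DATA1, W_DATA2, W_INODE };

static void apply(struct disk *d, int w) {
    if (w == W_INODE)
        for (int i = 0; i < NBLK; i++) d->inode_ptr[i] = 1;
    else
        d->block_valid[w] = 1;
}

/* fsck-like check: count inode pointers that reference garbage blocks. */
static int dangling(const struct disk *d) {
    int n = 0;
    for (int i = 0; i < NBLK; i++)
        if (d->inode_ptr[i] && !d->block_valid[i]) n++;
    return n;
}

/* Replay `order`, cutting power after every prefix (0..n writes), and
   return the worst count of dangling references seen at any crash point. */
int worst_case_dangling(const int *order, int n) {
    int worst = 0;
    for (int crash = 0; crash <= n; crash++) {
        struct disk d;
        memset(&d, 0, sizeof d);
        for (int i = 0; i < crash; i++) apply(&d, order[i]);
        if (dangling(&d) > worst) worst = dangling(&d);
    }
    return worst;
}

int main(void) {
    printf("inode first: worst dangling = %d\n", worst_case_dangling(INODE_FIRST, 4));
    printf("data first:  worst dangling = %d\n", worst_case_dangling(DATA_FIRST, 4));
    return 0;
}
```
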