Path: utzoo!attcan!uunet!etnibsd!vsh
From: vsh@etnibsd.UUCP (Steve Harris)
Newsgroups: comp.unix.wizards
Subject: Re: Worm/Passwords (actuall alternate rm programs)
Message-ID: <959@etnibsd.UUCP>
Date: 23 Nov 88 19:55:38 GMT
References: <22401@cornell.UUCP> <4627@rayssd.ray.com> <8563@rpp386.Dallas.TX.US> <466@yarra.oz.au> <135@minya.UUCP> <8113@bloom-beacon.MIT.EDU>
Reply-To: vsh@etnibsd.UUCP (Steve Harris)
Organization: Eaton Ion Beam Systems Div., Beverly, MA
Lines: 44

In article <8113@bloom-beacon.MIT.EDU> jik@athena.mit.edu (Jonathan I. Kamens) writes:
>...I am in the process of designing for Project Athena a suite of
>file-deletion utilities which allow for file recovery ...

Replacing rm (or supplying an alternative "delete" with "undelete"
capability) is a useful task. However, it only goes part way. There
are so many other ways to clobber files (redirection, ":w" in vi,
"of=" in dd, etc.).

The extreme in the opposite direction is exemplified by VMS/TOPS-20/
TENEX(??) where files have generation numbers -- you see only the most
recent generation(s), but the older copies do not go away until:
(a) you logout, (b) you explicitly "expunge" them, or (c) the
OS/operator arbitrarily expunges them (e.g., when the disk full-ness
passes some high-water-mark). (This is as I remember TOPS-20, I assume
VMS (and TENEX and other OS's derived from TENEX) behave similarly).

This scheme has two problems: (a) you must have LOTS of disk space
available or the system will be continually expunging, and (b) UNIX
just isn't set up this way (i.e., file names and generation numbers
are incompatible).

Rather than rewriting the kernel and the file system, or rewriting the
shells and all the other utilities, I find interesting the concept of
"watchdog" extensions to the UNIX kernel, described by (damn!! I
cannot find the reference -- I thought it was the summer 88 Usenix
conference but I don't see it in the proceedings -- can anybody
help??).

The basic idea is that there exists a set of "watchdog" programs, each
of which protects one (or more) file(s). When your program attempts to
open/read/write/close such a file, the kernel first consults the
watchdog for that file. The watchdog can then, e.g., make a backup
copy in some "shadow" directory, to be "expunged" later. (Obviously,
there's a lot more you can use a watchdog for than simply keeping
backup copies of files).

Well, that's my five (or ten :-) cents' worth. Hope you can find the
reference -- check back issues of ;login:, and proceedings of other
usenix conferences. Or maybe somebody else can supply it.

--
Steve Harris -- Eaton Corp. -- Beverly, MA -- uunet!etnibsd!vsh
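
The watchdog idea described in the post above, sketched as an added example that is not part of the original post and not code from any watchdog paper: a user-space stand-in where a wrapper plays the kernel's role, consulting the watchdog before any clobbering open, keeping generation-numbered copies in a shadow directory, and expunging the oldest once a high-water mark is passed. The class name `ShadowWatchdog`, the `name;NNNNNN` naming scheme, the 25-byte mark and the sample file contents are all assumptions made for illustration.

```python
import os
import shutil
import tempfile

class ShadowWatchdog:
    """User-space stand-in for the kernel-consulted watchdog (hypothetical API)."""

    def __init__(self, shadow_dir, guarded, high_water_bytes):
        self.shadow_dir = shadow_dir
        self.guarded = {os.path.realpath(p) for p in guarded}
        self.high_water_bytes = high_water_bytes
        self.generation = 0  # global counter, so names sort oldest-first
        os.makedirs(shadow_dir, exist_ok=True)

    def open(self, path, mode="r"):
        """Consult the watchdog first, then perform the real open."""
        real = os.path.realpath(path)
        clobbers = any(c in mode for c in "wa+")  # modes that can change contents
        if clobbers and real in self.guarded and os.path.exists(real):
            self.generation += 1
            name = "%s;%06d" % (os.path.basename(real), self.generation)
            shutil.copy2(real, os.path.join(self.shadow_dir, name))
            self.expunge()
        return open(path, mode)

    def expunge(self):
        """Delete the oldest shadow copies until usage is under the mark."""
        copies = sorted(os.scandir(self.shadow_dir),
                        key=lambda e: e.name.rsplit(";", 1)[1])
        total = sum(e.stat().st_size for e in copies)
        while copies and total > self.high_water_bytes:
            oldest = copies.pop(0)
            total -= oldest.stat().st_size
            os.remove(oldest.path)

def demo():
    """Constructed scenario: clobber one guarded file four times."""
    root = tempfile.mkdtemp()
    target = os.path.join(root, "notes.txt")
    dog = ShadowWatchdog(os.path.join(root, "shadow"), [target], high_water_bytes=25)
    for text in ("first draft", "second draft", "third draft", "final"):
        with dog.open(target, "w") as f:
            f.write(text)
    kept = sorted(os.listdir(dog.shadow_dir))
    with open(os.path.join(dog.shadow_dir, kept[-1])) as f:
        return kept, f.read()

if __name__ == "__main__":
    print(demo())
```

Because the interception here lives in a wrapper rather than the kernel, any program that calls the ordinary `open` bypasses it, which is exactly the gap the post says a kernel-level watchdog would close.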