[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [suse-security] Filesystem choice in secure serverinstallation



I have definitely had stability problems with a server using ReiserFS.

This was in SuSE 7.2 so might be better now but it caused a lot of lost time
and embarassment for me.  Any processes accessing either certain files or
certain directories - fairly randomly this occurred - would hang and be
unkillable - going to state "D" in ps (I think this is called
uninterruptible wait and represent the fact that the process cannot receive
semaphores or signals and will never be scheduled until the I/O kernel
operation performed has completed - it never completes - this seems to be a
classic symptom of a buggy kernel driver).

Since then my business partner and I have agreed a moritorium on ReiserFS on
our server(s).

I recently upgraded the box to SuSE 8.2 and took the opportunity to move the
root fs to ext3.  This has one major benefit - if all else fails you can
mount it as ext2.  That's what I did after a recent server crash caused by
faulty RAID kernel drivers supplied by the company that made the RAID card.

Personally, I would definitely recommend ext3 and possibly even ext2
exclusively for a server environment.

Regards,
Carl


----- Original Message ----- 
From: <suse@xxxxxx>
To: <suse-security@xxxxxxxx>
Sent: Wednesday, January 21, 2004 5:48 PM
Subject: Re: [suse-security] Filesystem choice in secure serverinstallation


> Quoting Togan Muftuoglu <toganm@xxxxxxxxxxxxxxxxxxxxx>:
> >
> > I was reading the SLES8_EAL2_SecurityGuide.pdf
> > http://www.suse.de/de/security/eal2/SLES8_EAL2_SecurityGuide.pdf
> >
> > On page 8 it stated to have the "/" partion as ext3. If I remember
> > correctly SuSE had ReiserFS since 6.4 and and it has been the default
> > choice of filesystem for quite a time.
> >
> > So want I want to understand is what makes "ext3" as a better choice for
> > the meeting of criteria and what are the reasons reiserfs fails.
> >
> > I do not want to start a flame war but I want to understand the facts in
> > making such a decision.
> >
>
> I have no direct knowledge, but I'm guessing it has something to do with
cutting
> down the work required to get EAL certification.  EXT3 has the advantage
of
> being somewhat simpler than reiser, it's essentially just a journaling
system
> tagged onto the venerable ext2.  ext2 had probably been vetted before, so
> getting ext3 in was easier than getting reiser in.
>
> I would be surprised if there was any technical reason; I believe it was
just a
> way to streamline the certification.
>
> (and I'm someone who only uses ext3, not reiser, out of sheer
bloody-minded
> stubborness and an irrational fear that reiser is not entirely stable)
>
> -- 
> Check the headers for your unsubscription address
> For additional commands, e-mail: suse-security-help@xxxxxxxx
> Security-related bug reports go to security@xxxxxxx, not here
>


-- 
Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-help@xxxxxxxx
Security-related bug reports go to security@xxxxxxx, not here