[ros-dev] Security policy for FAT partition driver?

Michael B. Trausch fd0man at gmail.com
Tue May 10 21:47:33 CEST 2005


James Tabor wrote:
> 
>> Why do you say full use of NTFS will not happen?  
> 
> I thought we should stay away from NTFS. But if I'm wrong, that's
> okay with me.
>
> James
>

NTFS is (and will probably remain) not-so-easy to implement, because
it's not terribly well documented.  While it might be good to be able to
read the filesystems after the system is fully stable and such, it might
not be a good idea to attempt to fully implement it.

However, on the other side of that, is this:  NTFS is just plain
*horrible* if you try to gracefully resize it.  Very rarely have I heard
of an NTFS-resizing operation come out without some form of data loss or
filesystem corruption.

That having been said, ReactOS can't possibly expect to be able to
dual-boot and subsequently replace Windows on a single partition system.
It's hard enough to try to convince Linux to boot in a scenario where
100% of a hard disk is NTFS and a backup, repartition, reformat, restore
is not an option.

I do think, though, that in the long run, it's safer to just avoid NTFS
altogether.  It's a huge minefield of messy destruction that could
probably wait until after the rest of the system has matured, to be
attacked.  I'd rather move people away from NTFS and closer to something
like ext3 with advanced ACLs.  EXT3 at the very least is better than
something like NTFS, because it's open, performs decently well, and has
support for many different things that NTFS does not.  I think it'd be
great to have ReactOS have support for it and all of its features,
natively, taking advantage of things like the "executable" attribute
that you give a file, instead of the Windows philosophy that everything
that's .exe, .cmd, .vbs, .bat, etc., be executable by default.

Or functionality that when the user (or program on the user's behalf)
attempted to execute a file, would check the bit and if it wasn't set,
prompt the user if they'd like to have it set.  This could easily thwart
systems that rely on blindly executing (such as many of the worms and
viruses that there are in today's world) from ever seeing the light of
day, if the system doesn't execute it by default - similar to the
approach used by firewall systems that prohibit applications and other
programs from accessing the Internet without first being approved by the
user (things like Windows XP SP2's firewall, and ZoneLabs Integrity
Client, do this).

Anyway, I'll hop off of my soapbox.  :-P

	- Mike

-- 
Michael B. Trausch                               <fd0man at gmail.com>
Website: http://fd0man.chadeux.net/     Jabber: mtrausch at jabber.com
Phone: +1-(678)-522-7934              FAX (US Only): 1-866-806-4647
===================================================================
Do you have PGP or GPG?  Key at pgp.mit.edu, Please Encrypt E-Mail!
