ext3 modes

disks usually have write caches and re-order writes, for performance

bad news if the disk writes the commit block before the blocks that precede it in the log

ordered vs journaled

ext3 very successful

What are the persistence guarantees for the user?

None, except that her data will be persistent after 30 seconds. But she can use fsync() to ensure that the data has become persistent. How will fsync() be implemented in ext3? Is it enough to commit the current transaction, or do we need to apply the log to the FS tree also?

Databases provide persistence guarantees, and so make extensive use of fsync() if implemented in userspace. This makes filesystem performance much worse. It is better to expose the raw disk to the database than to layer the database on top of a file system.
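An added example (not from the original notes) of how a userspace program gets a persistence guarantee with fsync(). It goes slightly beyond the text by also using rename and an fsync() on the directory, so that the new file name survives a crash as well as the data; the function name durable_write and the ".tmp" suffix are assumptions.

```c
/* Added example: durably replace a file's contents using fsync(). */
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <fcntl.h>
#include <stdio.h>
#include <unistd.h>

/* Write all len bytes, continuing after short writes. Returns 0 or -1. */
static int write_all(int fd, const char *buf, size_t len)
{
    while (len > 0) {
        ssize_t n = write(fd, buf, len);
        if (n < 0)
            return -1;
        buf += n;
        len -= (size_t)n;
    }
    return 0;
}

/* Durably replace dir/name with buf (hypothetical helper). 0 on success, -1 on error. */
int durable_write(const char *dir, const char *name, const char *buf, size_t len)
{
    char tmp[256];
    int rc = -1, fd = -1;
    int dfd = open(dir, O_RDONLY | O_DIRECTORY);
    if (dfd < 0)
        return -1;
    if (snprintf(tmp, sizeof tmp, "%s.tmp", name) >= (int)sizeof tmp)
        goto out;
    fd = openat(dfd, tmp, O_WRONLY | O_CREAT | O_TRUNC, 0600);
    if (fd < 0)
        goto out;
    /* 1. Write the data; fsync() blocks until the kernel reports it persistent. */
    if (write_all(fd, buf, len) < 0 || fsync(fd) < 0)
        goto out;
    /* 2. Atomically switch the name to the new contents. */
    if (renameat(dfd, tmp, dfd, name) < 0)
        goto out;
    /* 3. The rename is a directory update, so fsync the directory too. */
    if (fsync(dfd) == 0)
        rc = 0;
out:
    if (fd >= 0)
        close(fd);
    close(dfd);
    return rc;
}
```

Every call pays for at least two synchronous flushes, which is the cost the database remark above refers to.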

Protection and Security

Protection involves mechanisms that prevent accidental or intentional misuse of the system. There are three aspects to a protection mechanism: authentication, authorization, and access enforcement. A tiny flaw in any of these areas can compromise the entire protection mechanism.

Authentication

Authorization

Goal: determine which principals can perform which operations on which objects

Access Enforcement

Common attacks involve Trojan Horses, where a useful program is tricked or modified into doing something that it is not supposed to do, but has the privilege of doing. Example: if there is a bug in the "submit-lab" script, you can trick it into executing anything with the instructor's privileges.