Wouldn't this kernel security feature be useful?
Hi everyone, I found a Slashdot article today regarding a pretty neat kernel security feature in Windows Vista and thought that the idea may be embraced by the Linux community as well. Here is the article:
You can read the whole thing and the comments here:
An anonymous reader writes to mention that in the final part of his three part series, Mark Russinovich wraps up his look at changes made in the Windows Vista Kernel by exploring advancements in reliability, recovery, and security. "Applications written for Windows Vista can, with very little effort, gain automatic error recovery capabilities by using the new transactional support in NTFS and the registry with the Kernel Transaction Manager. When an application wants to make a number of related changes, it can either create a Distributed Transaction Coordinator (DTC) transaction and a KTM transaction handle, or create a KTM handle directly and associate the modifications of the files and registry keys with the transaction. If all the changes succeed, the application commits the transaction and the changes are applied, but at any time up to that point the application can roll back the transaction and the changes are then discarded."
I was wondering if this particular feature existed in the Linux kernel as a module or perhaps built into the kernel. If not, maybe it ought to be? Just figured it was a novel idea and may contribute to the already impressive security facilities of the Linux kernel.
Any ideas, criticisms and thoughts are welcome!
What transactions are all about...
Quoted from Wikipedia's article on Database Transactions:
In database products the ability to handle transactions allows the user to ensure that integrity of a database is maintained.
A single transaction might require several queries, each reading and/or writing information in the database. When this happens it is usually important to be sure that the database is not left with only some of the queries carried out. For example, when doing a money transfer, if the money was debited from one account, it is important that it also be credited to the depositing account. Also, transactions should not interfere with each other. For more information about desirable transaction properties, see ACID.
A simple transaction is usually issued to the database system in a language like SQL in this form:
1. Begin the transaction
2. Execute several queries (although any updates to the database aren't actually visible to the outside world yet)
3. Commit the transaction (updates become visible if the transaction is successful)
If one of the queries fails the database system may rollback either the entire transaction or just the failed query. This behaviour is dependent on the DBMS in use and how it is set up. The transaction can also be rolled back manually at any time before the commit.
Now, I know this is for databases, but it really helps illustrate what Microsoft is trying to do for applications.
From what I understand, and correct me if I'm wrong, the new transactional nature of Vista will make sure that all tasks that a program wants to perform are completed successfully before committing changes to memory and disk drives. Also, I'm assuming that the transaction mechanism would keep track of all interim changes that it makes to memory and disks so that it knows what to roll back and in which order to roll things back.
Possible and useful for Linux? That is the question :)
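The begin / execute / commit sequence and the rollback case from the quoted Wikipedia passage, as an added example that is not part of the original posts. It uses Python's `sqlite3` module; the `accounts` table, the account names and the amounts are constructed for illustration.

```python
import os
import sqlite3
import tempfile

def balances(conn):
    return dict(conn.execute("SELECT name, balance FROM accounts"))

def transfer(writer, observer, src, dst, amount):
    """Move `amount` from src to dst atomically.
    Returns (committed, balances a second connection saw mid-transaction)."""
    seen = None
    writer.execute("BEGIN")                                   # step 1
    try:
        writer.execute("UPDATE accounts SET balance = balance - ? WHERE name = ?",
                       (amount, src))                         # step 2: debit
        seen = balances(observer)        # outside world still sees the old rows
        cur = writer.execute("UPDATE accounts SET balance = balance + ? WHERE name = ?",
                             (amount, dst))                   # step 2: credit
        if cur.rowcount != 1:
            raise LookupError(f"no such account: {dst}")
        writer.execute("COMMIT")                              # step 3
        return True, seen
    except (sqlite3.Error, LookupError):
        writer.execute("ROLLBACK")       # discard the debit as well
        return False, seen

def demo():
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "bank.db")   # constructed sample database
        # isolation_level=None: no implicit BEGIN, we issue it ourselves
        writer = sqlite3.connect(path, isolation_level=None)
        observer = sqlite3.connect(path, isolation_level=None)
        writer.execute("CREATE TABLE accounts (name TEXT PRIMARY KEY, "
                       "balance INTEGER NOT NULL CHECK (balance >= 0))")
        writer.execute("INSERT INTO accounts VALUES ('alice', 100), ('bob', 50)")
        out = {}
        out["missing"] = transfer(writer, observer, "alice", "carol", 30)
        out["after_missing"] = balances(observer)
        out["overdraft"] = transfer(writer, observer, "alice", "bob", 500)
        out["ok"] = transfer(writer, observer, "alice", "bob", 30)
        out["final"] = balances(observer)
        writer.close()
        observer.close()
        return out

if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

The first transfer fails on the credit (no such account) and the second on the debit (the CHECK constraint rejects a negative balance); in both cases the rollback leaves the balances untouched.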
I'm gonna check out inotify right now...
Thanks for all the discussion everyone!
Not to its full potential
So, that handles the filesystem part of things, how's 'bout the memory part of things and perhaps stack and register rollback functionality? Eh?! eh!????
Just kidding :) Good points, though I still don't believe that it's being implemented to its full potential. If there are any more suggestions, they are welcomed.