On Wed, 2005-09-07 at 15:13 +0200, Andreas Brosche wrote: > > o an attacker can exploit potential bugs in GFS's code, just as well > > as in dlm's, and having physical access to the Server 2's journals > > is probably more harmful than trying to hack through dlm's API > > calls. > > Sure, the possibility of potential bugs in GFS was also under my > considerations. Injection of harmful code could be possible either way, if > there is in fact a security flaw in the sync code, granted... it wouldn't > make much of a difference if the code is injected via disk or via service... Note: If anyone breaks in to the world-facing server, you will need a way to detect it and notify the other server. Once this happens, it's safe (perhaps paranoid) to assume all data on the shared disk is corrupt, and possibly dangerous, and so should not be used. -- Lon -- Linux-cluster@xxxxxxxxxx http://www.redhat.com/mailman/listinfo/linux-cluster