Re: Multiple Data Stream

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On Sun, Jul 27, 2008 at 04:04:32PM +0530, Rohit Sharma wrote:
> Does ext2/ext3 supports multiple data streams.

No.  The primary use of alternate data streams in Windows XP has been
Virii, Trojan Horses, and Rootkits.  See this article by Rick Cook,
"Alternate Data Streams: Threat or Menace:"

       http://www.informit.com/articles/article.aspx?p=413685

(Threat or Menace?  Menance or Threat?  Or to quote Bugs Bunny/Daffy
Duck, "Would you like to shoot me now or wait till you get home?"  :-)

I've heard stories of System Administrators refusing to upgrade past
Solaris 8 because of concerns of attackers being able to use the
alternate data streams feature which Sun unfortunately added in
Solaris 9 to hide rootkits in ways that traditional scanning tools
would not be able to detect.

I've yet to see a coherent argument for why multiple data streams is
worth it....

						- Ted


Bugs Bunny: Would you like to shoot me now or wait 'til you get home?
Daffy Duck: Shoot him now! Shoot him now!
Bugs Bunny: You keep outta this! He doesn't have to shoot you now!
Daffy Duck: He does SO have to shoot me now!
[to Elmer]
Daffy Duck: I demand that you shoot me now!
[Elmer raises his gun. As Daffy sticks his tongue out at Bugs, he is shot] 


Daffy Duck: Let'th run through that again.
Bugs Bunny: Okay.
[neutral toned]
Bugs Bunny: Wouldja like to shoot me now or wait till ya get home.
Daffy Duck: [neutral toned] Shoot him now, shoot him now.
Bugs Bunny: [neutral toned] You keep outta dis, he doesn't hafta shoot you now.
Daffy Duck: [with expression] HA! THAT'TH IT! HOLD IT RIGHT THERE!
[to audience]
Daffy Duck: Pronoun trouble.
[to Bugs]
Daffy Duck: It'th not "He doethn't have to shoot
[pointing to Bugs]
Daffy Duck: *you* now." It'th "He doethn't have to shoot
[pointing to himself]
Daffy Duck: *me* now."
[with anger]
Daffy Duck: Well, *I* thay he *does* have to shoot me now!
[to Elmer]
Daffy Duck: THO SHOOT ME NOW!
[Elmer shoots him]
--
To unsubscribe from this list: send the line "unsubscribe linux-ext4" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
[Index of Archives]     [Reiser Filesystem Development]     [Ceph FS]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Linux FS]     [Yosemite National Park]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Device Mapper]     [Linux Media]

  Powered by Linux