On 21 March 2016 at 23:36, Theodore Ts'o <tytso@xxxxxxx> wrote: > On Mon, Mar 21, 2016 at 04:40:41PM -0400, J. Bruce Fields wrote: >> On Mon, Mar 21, 2016 at 04:19:17PM -0400, Richard Yao wrote: >> > Maybe I should clarify that the idea is to allow read/write/list of >> > extended attributes via read/write/readdir so that those that want >> > extended attributes that are alternative data streams can have them. I >> > do not want to see extended attributes and alternative data streams be >> > different things. >> >> I think there are differences between the two that make this awkward. >> Does anyone actually use alternative data stream for anything that makes >> the effort worthwhile? > > Windows malware authors *love* to use alternate data streams as a > place to hide their malware where many security scanners weren't > looking, and certainly most users won't find. > > Does that count? :-) Old invalid argument, and Sophos and Symatec look there as well. If it was a bad idea, why has Linux fs attributes which are almost the same as O_XATTR except that they use a custom api? Why does Macos have alternate streams (called forks)? Why did Solaris adopt it long ago (and still gets support questions about it - just saying before someone argues that no one uses THAT)? Ced -- Cedric Blancher <cedric.blancher@xxxxxxxxx> Institute Pasteur -- To unsubscribe from this list: send the line "unsubscribe linux-fsdevel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
