Re: Making an interface for alternative data streams

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



One of the arguments in favor of additional interfaces (ioctl or
openat) for accessing alternate data streams which may not be obvious
to Windows users is that while alternate data streams can be opened
just like regular files in Windows (and thus over SMB3 mounts), in
Linux it is hard to allow opening a stream and still support files
with the ':' (colon) character in their file name since colon is used
a separator for the stream name in Windows (and is a reserved
character), but is a valid character in POSIX.    When we use a cifs
or smb3 mount to Windows or Mac we typically map characters (into the
Unicode remap range just above 0xF000) like ':' the same way the Mac
does (and Windows services for Mac does as well).  This is enabled
with mount option "mapposix"

So without an ioctl to query the stream contents (or a new syscall),
you have to choose whether to either allow : in a filename or allow
opening streams.

There is some additional information on some of the more important
uses in Windows for alternate data streams at the end of the article
in this link: https://blogs.technet.microsoft.com/askcore/2013/03/24/alternate-data-streams-in-ntfs/

On Tue, Mar 22, 2016 at 11:19 PM, Steve French <smfrench@xxxxxxxxx> wrote:
> On Tue, Mar 22, 2016 at 11:13 PM, Steve French <smfrench@xxxxxxxxx> wrote:
>> On Tue, Mar 22, 2016 at 4:42 PM, Jeremy Allison <jra@xxxxxxxxx> wrote:
>>> On Tue, Mar 22, 2016 at 04:08:01PM -0400, J. Bruce Fields wrote:
>>>>
>>>> But you do see people using "named attributes"/"alternative data
>>>> streams"?
>>>>
>>>> This comes up at the LSF/MM summit every now and then and Jeremy Allison
>>>> inevitably says "hah, only malware writers use those", and that's the
>>>> end of the discussion.  Sounds like Richard Yao has heard otherwise, but
>>>> it'd be nice to have actual examples of users.
>>>
>>> The only use I know of other than malware writers is
>>> the :Zone.Identifier stream used by Internet Explorer.
>>>
>>> http://woshub.com/how-windows-determines-that-the-file-has-been-downloaded-from-the-internet/
>>>
>>> Not sure if the new Microsoft browser still uses them
>>> (I haven't used desktop Windows in over 10 years).
>>
>> Yes, the browser still uses it (at least on the system I tried
>> yesterday), and so do a few important subsystems (the file resource
>> manager for example).  Presumably streams are used even more on Mac.
>>
>> I was experimenting with some patches in the last few weeks to list
>> streams (either via an xattr as ntfs-3g does, but I am leaning toward
>> an ioctl for cifs.ko).  They are needed for backup (at least), and not
>> just for accessing Macs (which use resource forks extensively), but
>> since Windows stores the zone identifier (where a file came from is
>> stored when internet explorer downloads anything) in an alternate data
>> stream, and also "FCI" (file classification information) is stored
>> there.
>
> I should also note that since SMB3 operations are handle based
> (except open/create itself), I prefer using an ioctl rather than xattr
> query to list streams.  In addition, by overlapping the alternate
> data stream name space, with the EAs name space they are
> harder to tell apart (xattrs are used less frequently on Windows
> than in the past but they do show up from time to time,
> e.g. in their Services for Unix).  Seems wrong to make it easy
> to confuse streams and EAs (extended attributes).
>
>
> --
> Thanks,
>
> Steve



-- 
Thanks,

Steve
--
To unsubscribe from this list: send the line "unsubscribe linux-fsdevel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html



[Index of Archives]     [Linux Ext4 Filesystem]     [Union Filesystem]     [Filesystem Testing]     [Ceph Users]     [Ecryptfs]     [AutoFS]     [Kernel Newbies]     [Share Photos]     [Security]     [Netfilter]     [Bugtraq]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux Cachefs]     [Reiser Filesystem]     [Linux RAID]     [Samba]     [Device Mapper]     [CEPH Development]
  Powered by Linux