[plug] [OT] Security problems with NTFS
Craig Ringer
craig at postnewspapers.com.au
Thu Oct 23 20:20:02 WST 2003
> In the NTFS file system a facility exists to bind additional data to
> a file or directory, called an alternate data stream [url1][url2].
> These alternate data streams cannot be be removed, unless the parent
> file or directory is destroyed. Unfortunately most file wiping
> utilities only deal with the primary data stream and do not wipe the
> alternate data streams, thus leaving data intact.
Actually, it looks like you /can/ access alternate data streams from
other systems - you just have to already know that they're present on a
file and what they're called. I hadn't realised they were accessable
using a standard, FS-integrated syntax.
$ cd /smb/zeus/tmp
$ touch streams:test
$ ls stream*
streams
$ echo "normaldata" > streams
$ cat streams
normaldata
$ echo "streamdata" > streams:test
$ cat streams
normaldata
$ cat streams:test
streamdata
Now, if I can find out what the mac resource fork stream is called I can
tweak tar to try to back up the mac resource fork stream on NTFS
filesystems exported over smb. If the second stream is a raw mac
resource fork I can probably copy between netatalk and NT mac file
stores using a simple script, too. This makes a lot of things much nicer...
Craig Ringer
_______________________________________________
plug mailing list
plug at plug.linux.org.au
http://mail.plug.linux.org.au/cgi-bin/mailman/listinfo/plug
More information about the plug
mailing list