[Samba] NFSv4 acls inheritance flags

Linda W samba at tlinx.org
Sun May 11 16:55:46 MDT 2014


Theodore Tso wrote:
> One of the big problems is that the Solaris interface for ADS, back 
> when people foolishly thought that it made sense to compete misfeature 
> for misfeature with everyone of Microsoft's Bad Ideas, is that the 
> their alternate data streams were first class files and directories. 
>  You could fchdirat() into the root of the alternate data stream, and 
> then create an entire directory hierarchy of files that could be 
> marked executable.   So you could in theory put an entire chroot 
> inside a Solaris Alternate Data Stream.
----
Sounds like a Solaris specific feature.

>
> You could argue that the answer is to make the ADS less fully 
> functional, and castrate its functionality
----
Non sequitur.

    Executables are not normally considered 'data' any more than ACL's or page-tables, etc.

    Solaris put the ability to execute data in ADS's as executables in their OS.  One would assume they have specific controls in place to manage that; I don't know, but no one is talking about Solaris.

    Windows AND Linux have *extended file attributes*, (data) that can be called "ADS's", "ACL's", or whatever else you want to label them.  It's not till something "interprets" them that they have any meaning beyond "raw data".  MS's ADS's in current Win versions, as well as ext-attrs in current Linux implementations, are just 'data', that is usable to provide meta information about the files they are attached to for files that were dreamt of having meta information (music formats, movies, even encrypted pdf's are all candidates for having meta-info streams in ext-attrs, or ADS's).

    Solaris made their ADS's executable... that's nice.  I don't suggest following suit.


> --- but if you're going to do that, it's worth asking the question 
> whether it deserves to exist at all. 
    Not suggesting anyone implement Solaris ADS streams.  Specifically, we are talking DATA-containing extended attributes that could be used by Samba to support the same types of meta data that Windows and Linux (with XFS, et al.) already support.
>
> So after you upgrade all of the network and local disk file systems to 
> support ADS, so applications can use them without breaking capability 
> (and this includes all of the bookshelf file servers serving NFS some 
> of which are still on 2.6 kernels thanks to binary firmware blobs), 
> and after you upgrade all of the tripwire and rootkit detection 
> programs, and after you upgrade zip, rar, tar, etc, to support 
> alternate data streams ---- what's the benefit?
----
    It's the exact same benefit as supporting ACL's and file-based capabilities.  Since those are already implemented on several file systems, any utils that don't handle those are already in bigger trouble than whether or not they handle artist names on a music collection, and 1 or more filesystems implement them by storing them in "ADS's" (extended attributes).

    That's why I started off my reply by saying that "ignoring this issue" would be "burying one's head in the sand."

>
> We've lived without alternate data streams for a long time,
Who is "we"?  They've been on Linux since 2001 or earlier.  Same with Windows and Macintosh.

> and programs like Libreoffice have developed alternate solutions to 
> the problem.
They store all the ACL's and file-based capabilities in place of using fs-based ext-attrs/ADS's?  And you would describe this as "secure"?
>   So is it really worth the effort? 
Many system utils already handle them.  Some applications never will.  
Take your pick.

GNU 'cp' already handles them.  Schilly's version of 'tar' has handled them for ~10 years (when it's working...;-))  But why programs like Apache would have to change requires a bit more fleshing out.

> Microsoft probably developed ADS more as a Halloween document strategy 
> to screw over open source systems by making them think they had to 
> follow them (badly) with every single bad idea.
Didn't Apple have them first in HFS?  I don't remember the chronology exactly, but Apple's usage seems more mature and widespread.

>   Given that Microsoft has become more and more irrelevant, I think it 
> will be very, VERY hard to convince the entire open source ecosystem 
> that it's worth the effort to develop ADS for Linux, *BSD, GNOME, 
> Libreoffice, Apache, etc.
    Given that mobile computing is making desktop computing more irrelevant, and that the current king of mobile computing is Apple and they *do* implement ADS's, the implication of the above premise is doubtful.

    At least Linux already has ADS's -- though maybe not in some "unlimited form" that other vendors have, 64k is more than enough to implement any malware springboard that you would need, if you insist on using Solaris's model -- but no one is asking for that.
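The thread's technical point is that Linux extended attributes are opaque bytes that carry no meaning until some program interprets them, which is also why they deserve a place in a file-integrity inventory. The script below is an added example, not code from the post or from the Samba project: it attaches a constructed `user.*` attribute to a scratch file, walks the tree and reports every user-namespace attribute with its size, and records what the filesystem says when a value larger than 64 KiB is attempted. It assumes a Linux host whose scratch filesystem supports `user.*` attributes (ext4 or XFS with `user_xattr`); where it does not, `os.setxattr` fails with ENOTSUP and the script reports that instead of crashing. The file name, attribute names and payload are all constructed for the demo.

```python
"""Inventory Linux extended attributes (xattrs) on a directory tree.

Added example (not from the mailing-list post). Assumes Linux and a
filesystem with user.* xattr support; ENOTSUP is handled, not hidden.
"""
import errno
import os
import tempfile
from typing import Dict, List, Tuple

# os.listxattr/getxattr/setxattr exist only on Linux builds of Python.
HAVE_XATTR = hasattr(os, "listxattr")

# errno values meaning "this filesystem / this file cannot carry xattrs".
UNSUPPORTED = {
    errno.ENOTSUP,
    getattr(errno, "EOPNOTSUPP", errno.ENOTSUP),
    errno.EACCES,
    errno.EPERM,
}

# Constructed sample payload; any bytes are accepted, nothing interprets them.
PAYLOAD = b"constructed sample metadata: artist=Example Artist"


def list_xattrs(path: str) -> Dict[str, bytes]:
    """Return {name: value} for every xattr on path, without following symlinks.

    A filesystem that cannot hold xattrs yields an empty dict; other errors
    (e.g. a missing path) propagate so a caller notices them.
    """
    found: Dict[str, bytes] = {}
    if not HAVE_XATTR:
        return found
    try:
        names = os.listxattr(path, follow_symlinks=False)
    except OSError as exc:
        if exc.errno in UNSUPPORTED:
            return found
        raise
    for name in names:
        try:
            found[name] = os.getxattr(path, name, follow_symlinks=False)
        except OSError:
            continue  # attribute vanished or is unreadable; skip it
    return found


def inventory(root: str, namespaces=("user.",)) -> List[Tuple[str, str, int]]:
    """Walk root and return (path, xattr_name, value_size) for each xattr whose
    name starts with one of the given namespaces.

    Defender use: a user.* blob on a file that has no business carrying
    metadata is worth inspecting, since it is invisible to ls, cat and most
    integrity tools that were never taught about xattrs.
    """
    findings: List[Tuple[str, str, int]] = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            for xname, value in list_xattrs(path).items():
                if xname.startswith(namespaces):
                    findings.append((path, xname, len(value)))
    return findings


def demo() -> dict:
    """Create a scratch tree, attach a user.* xattr, and inventory it.

    Returns a dict so the outcome can be checked by a caller:
      supported      - whether the scratch filesystem accepted user.* xattrs
      findings       - output of inventory() over the scratch tree
      oversize_error - errno name raised for a 64 KiB + 1 value, or None
    """
    result = {"supported": False, "findings": [], "oversize_error": None}
    with tempfile.TemporaryDirectory() as root:
        target = os.path.join(root, "song.mp3")  # constructed file name
        with open(target, "wb") as fh:
            fh.write(b"not really audio")  # constructed content
        if HAVE_XATTR:
            try:
                os.setxattr(target, "user.comment", PAYLOAD)
                result["supported"] = True
            except OSError as exc:
                if exc.errno not in UNSUPPORTED:
                    raise
        if result["supported"]:
            # Probe the per-value size ceiling the thread alludes to; the
            # exact limit is filesystem-specific, so only the errno is kept.
            try:
                os.setxattr(target, "user.big", b"\0" * (64 * 1024 + 1))
            except OSError as exc:
                result["oversize_error"] = errno.errorcode.get(exc.errno, str(exc.errno))
        result["findings"] = inventory(root)
    return result


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Run it on a real tree by calling `inventory("/srv/share")` instead of `demo()`; restrict or widen `namespaces` to include `security.` or `trusted.` when auditing capability and SELinux labels, which the post groups with ADS-style data.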



