[Samba] NFSv4 acls inheritance flags

Theodore Tso tytso at google.com
Sun May 11 07:47:41 MDT 2014


On Fri, May 9, 2014 at 11:08 PM, Linda W <samba at tlinx.org> wrote:

>
> From everything I've read ADS on windows (7 or before, dunno if things
> have changed on 8)...they have similar security  "issues" to XFS extended
> attrs.  Extended attrs are limited in size to something like 64K, but
> that's more than enough to bootstrap something else.
>
> Note: I understand that one *used* to be able to execute alternate data
> forks directly in Windows 2000, but in Windows 7, people attempting to use the
> same "feature", get a "not found" message -- the ADS can be "edited" or
> opened with a text editor, but not executed directly.
>

One of the big problems with the Solaris interface for ADS, back when
people foolishly thought that it made sense to compete misfeature for
misfeature with every one of Microsoft's Bad Ideas, is that their
alternate data streams were first class files and directories.  You could
fchdirat() into the root of the alternate data stream, and then create an
entire directory hierarchy of files that could be marked executable.   So
you could in theory put an entire chroot inside a Solaris Alternate Data
Stream.

You could argue that the answer is to make the ADS less fully functional,
and castrate its functionality --- but if you're going to do that, it's
worth asking the question whether it deserves to exist at all.   And of
course, that's not all of the costs we would have to mitigate.   It
encourages applications to create files that will get broken if you try to
download them using http or ftp; will break if you try to tar them up, or
if you try to use them on an NFS server, etc., etc.

So after you upgrade all of the network and local disk file systems to
support ADS, so applications can use them without breaking capability (and
this includes all of the bookshelf file servers serving NFS some of which
are still on 2.6 kernels thanks to binary firmware blobs), and after you
upgrade all of the tripwire and rootkit detection programs, and after you
upgrade zip, rar, tar, etc, to support alternate data streams ---- what's
the benefit?

We've lived without alternate data streams for a long time, and programs
like Libreoffice have developed alternate solutions to the problem.   So is
it really worth the effort?   Microsoft probably developed ADS more as a
Halloween document strategy to screw over open source systems by making
them think they had to follow them (badly) with every single bad idea.
Given that Microsoft has become more and more irrelevant, I think it will
be very, VERY hard to convince the entire open source ecosystem that it's
worth the effort to develop ADS for Linux, *BSD, GNOME, Libreoffice,
Apache, etc.

-- Ted

