JFFS2/xattr problems.
KaiGai Kohei
kaigai at kaigai.gr.jp
Tue Jun 13 09:36:59 EDT 2006
Hi, Jörn
> Seems you missed Ted's presentation at LCA this year. Among the
> interesting bits:
If this presentation is public, could you tell me the URL?
This indication is highly suggestive for me.
Especially, I have not imagine yet the possibility that
malware uses xattr to hide itself.
Thanks,
> o Pretty much anything on Linux is limited to 64KiB or less.
> o Ext[23] is limited to 4KiB total for all attributes, including all
> keys and all values.
> o The biggest user of Alternate Streams (less-limited versions of
> xattr on Windows, Solaris, etc.) arguably is root kits. Alternate
> Streams have the advantage that tripwire etc. don't understand them
> and won't look for malware there.
> o Some system administrators have no plans to upgrade to Solaris 9
> ever, because it supports Alternate Streams. The trouble of hidden
> malware is not worth the gains.
>
> Notable was also, that Ted repeated the last two points in several
> variations. Not sure if I would follow his line of thought 100%, but
> he does have a point.
>
> Jörn
--
KaiGai Kohei <kaigai at kaigai.gr.jp>
More information about the linux-mtd
mailing list