| Revision as of 21:50, 29 November 2005 editAlistairMcMillan (talk | contribs)Administrators33,791 edits Restore mention of NTFS's "alternate data streams". Add HPFS's "extended attributes".← Previous edit | Revision as of 21:51, 29 November 2005 edit undoAlistairMcMillan (talk | contribs)Administrators33,791 edits →Possible security risks with forks: Some small copyedits.Next edit → | ||
| Line 9: | Line 9: | ||
| <!-- should talk about different implementations of forks !--> | <!-- should talk about different implementations of forks !--> | ||
| ==Possible security risks with forks== | ==Possible security risks with forks== | ||
| When a filesystem supports different forks, the applications should be aware about them, or security risks can |
When a filesystem supports different forks, the applications should be aware about them, or security risks can arise. | ||
| If the different system utilities (disk explorer, antivirus software, archivers, and so on), are not aware of the different forks, the following problems can arose: | If the different system utilities (disk explorer, antivirus software, archivers, and so on), are not aware of the different forks, the following problems can arose: | ||
| Line 16: | Line 16: | ||
| * You can have data loss when sending files via fork unaware channels (], filesystems without multiple forks support -or even when copying between filesystems with forks support, if the program that mades the copy is unaware-, compressed archives) and not be aware of that. | * You can have data loss when sending files via fork unaware channels (], filesystems without multiple forks support -or even when copying between filesystems with forks support, if the program that mades the copy is unaware-, compressed archives) and not be aware of that. | ||
| Currently all versions of Windows suffer |
Currently all versions of Windows suffer from all of these problems. | ||
| ==External links== | ==External links== | ||
Revision as of 21:51, 29 November 2005
In computing, a fork is additional data associated with a file system object. Filesystem forks are traditionally associated with Apple's Hierarchical File System (HFS), however they are also available in Microsoft's NTFS filesystem, where they are known as alternate data streams. Other filesystems such as Novell's Novell Storage Services (NSS) and Netware File System (NWFS), and Veritas Software's Veritas File System (VxFS) also support filesystem forks, some pre-dating Microsoft's implementation.
HFS was designed to use resource forks to store metadata about a file that would be used by the graphical user interface (GUI) of the Apple Macintosh, such as a file icon or an image preview. However the feature was not limited to GUI data, so additional uses were found, such as splitting a word processing document into content and presentation, then storing the presentation information in the resource fork. One particular non-obvious use is that prior to Mac OS X, Postscript Type 1 fonts have traditionally been stored entirely in the resource fork, the data fork being empty.
Starting in 1985, NWFS and its successor NSS were designed from the ground up to use a variety of methods to store a file's metadata. Some metadata resides in Novell Directory Services (NDS), some is stored in the directory structure on the disk, and some is stored in, as Novell terms it, 'multiple data streams' with the file itself. Multiple data streams also allow Macintosh clients to attach to and use Netware servers.
In 1989, Microsoft and IBM released version 1.2 of their OS/2 operating system which included a new filesystem called HPFS. This filesystem included an implementation of forks referred to as extended attributes, allowing the addition of ASCII or binary data to a file. In 1993, Microsoft released the first version of the Windows NT operating system which introduced the NTFS filesystem. This filesysteam includes support for forks as alternate data streams for compatibility with pre-existing operating systems that support forks. With Windows 2000, Microsoft started using alternate data streams in NTFS to store things such as author or title file attributes and document thumbnail images. With Service Pack 2 for Windows XP, Microsoft introduced the Attachment Execution Service that stores details on the origin of downloaded files in alternate data streams attached to files, in an effort to protect users from downloaded files that may present a risk.
Possible security risks with forks
When a filesystem supports different forks, the applications should be aware about them, or security risks can arise.
If the different system utilities (disk explorer, antivirus software, archivers, and so on), are not aware of the different forks, the following problems can arose:
- The user will never know the presence of any alternate fork nor the total size of the file, just of the main data fork.
- Computer virus can hide in alternate forks and never get detected if the antivirus software are not aware of multiple forks.
- You can have data loss when sending files via fork unaware channels (e-mail, filesystems without multiple forks support -or even when copying between filesystems with forks support, if the program that mades the copy is unaware-, compressed archives) and not be aware of that.
Currently all versions of Windows suffer from all of these problems.
External links
- Apple Glossary
- Multi-Fork File System
- How To Use NTFS Alternate Data Streams from Microsoft.com
- Windows NTFS Alternate Data Streams by Don Parker writing for SecurityFocus.com
- Hidden Threat: Alternate Data Streams by Ray Zadjmool writing for WindowsSecurity.com
- LADS List Alternate Data Streams - a tool to search for NTFS alternate data streams
- LNS List NTFS Streams - a tool to search for NTFS alternate data streams
- ScanADS Scan Alternate Data Streams - an open source tool to scan NTFS alternate data streams
- NTFS Alternate Data Streams from The DiamondCS Archive