Re: Streams support in Linux

[Jeremy Allison <jra@samba.org>]

On Mon, Aug 27, 2018 at 10:05:31AM -0700, Jeremy Allison via samba-technical wrote:
> On Sat, Aug 25, 2018 at 08:03:03PM -0500, Steve French via samba-technical wrote:
> > On Sat, Aug 25, 2018 at 5:37 PM Al Viro via samba-technical
> > >
> > > Better yet, you need some new objects to represent those things, since
> > > you don't want any informative dentries.  And not fs-private ones, at
> > > that, since those new syscalls of yours would have to operate on them
> > > (after all, renaming something opened would probably be expected to
> > > have the opened descriptor to keep accessing the same object, wouldn't
> > > it?)
> > 
> > These are interesting questions, and there are cases where streams
> > have been shown to have value in Windows, and for Apple (in Macs).
> > Don't know whether the Solaris equivalent was useful - but presumably
> > was.
> 
> Sorry Steve, can't let this pass :-). Please name *one* case
> where streams have value in Windows or Mac. And I'm not talking
> about the case for EA's, these clearly have value (plus we already
> have them :-).
> 
> I'm talking about a case where there is clear value in having
> an openable/seekable stream on a file/directory.
> 
> I can't think of a *single* case where a stream adds more
> utility than an EA used in the same case.
> 
> I don't want theoretical "well it would be nice if..",
> I want clear "we couldn't have done it any other way"
> kinds of things.

Actually, to answer my own question, I do know of one
valid application that uses named streams.

The CIA exfiltration tools exposed by WikiLeaks used a
named stream on a top-level share directory to hide data being
stolen from the target (which is why I guess the CIA
doesn't employ NSA-level people, the NSA almost certainly
use the hidden data area behind Windows ACL store instead
as no known scanning tools look at that :-).

So if we really want to enable such things, by all means
add named streams to Linux :-) :-).