From: KaiGai Kohei <kaigai@kaigai.gr.jp>
To: "Jörn Engel" <joern@wohnheim.fh-wedel.de>
Cc: linux-mtd@lists.infradead.org,
David Woodhouse <dwmw2@infradead.org>,
KaiGai Kohei <kaigai@ak.jp.nec.com>
Subject: Re: JFFS2/xattr problems.
Date: Tue, 13 Jun 2006 22:36:59 +0900
Message-ID: <448EBF7B.20306@kaigai.gr.jp>
In-Reply-To: <20060612180653.GA17177@wohnheim.fh-wedel.de>

Hi, Jörn

> Seems you missed Ted's presentation at LCA this year. Among the
> interesting bits:

If this presentation is public, could you tell me the URL?
This indication is highly suggestive for me.
Especially, I have not yet imagined the possibility that
malware uses xattr to hide itself.

Thanks,

> o Pretty much anything on Linux is limited to 64KiB or less.
> o Ext[23] is limited to 4KiB total for all attributes, including all
> keys and all values.
> o The biggest user of Alternate Streams (less-limited versions of
> xattr on Windows, Solaris, etc.) arguably is root kits. Alternate
> Streams have the advantage that tripwire etc. don't understand them
> and won't look for malware there.
> o Some system administrators have no plans to upgrade to Solaris 9
> ever, because it supports Alternate Streams. The trouble of hidden
> malware is not worth the gains.
>
> Notable was also, that Ted repeated the last two points in several
> variations. Not sure if I would follow his line of thought 100%, but
> he does have a point.
>
> Jörn
--
KaiGai Kohei <kaigai@kaigai.gr.jp>
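
The concern in the quoted list is that integrity checkers which ignore extended attributes leave a blind spot. The following is an added example, not part of the original message or of JFFS2: a Linux-only Python baseline that hashes every xattr on each file and directory under a tree and reports differences between two snapshots. The function names `xattr_record`, `snapshot` and `compare` are hypothetical.

```python
import hashlib
import os


def xattr_record(path):
    """Return {xattr name: sha256 hex of its value} for one path (Linux only)."""
    record = {}
    try:
        names = os.listxattr(path, follow_symlinks=False)
    except OSError:
        return record  # no xattr support on this filesystem, or path unreadable
    for name in names:
        try:
            value = os.getxattr(path, name, follow_symlinks=False)
        except OSError:
            record[name] = None  # attribute is listed but could not be read
            continue
        record[name] = hashlib.sha256(value).hexdigest()
    return record


def snapshot(root):
    """Walk root and map every directory and file path to its xattr record."""
    snap = {}
    for dirpath, _dirnames, filenames in os.walk(root):
        for entry in [dirpath] + [os.path.join(dirpath, f) for f in filenames]:
            snap[entry] = xattr_record(entry)
    return snap


def compare(baseline, current):
    """Return sorted (path, attr, change) tuples; change is added/removed/modified."""
    findings = []
    for path in sorted(set(baseline) | set(current)):
        old, new = baseline.get(path, {}), current.get(path, {})
        for attr in sorted(set(old) | set(new)):
            if attr not in old:
                findings.append((path, attr, "added"))
            elif attr not in new:
                findings.append((path, attr, "removed"))
            elif old[attr] != new[attr]:
                findings.append((path, attr, "modified"))
    return findings
```

Attributes in the `trusted.` namespace are only visible to a process with CAP_SYS_ADMIN, so an unprivileged run of this baseline does not cover them.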