15.5 Extended Attributes in UFS

In Solaris 9, a new interface was added to UFS for the storage of attributes. Whereas ACLs added a shadow inode to each file for permission storage, extended attributes add a directory inode to each file (see struct icommon). This directory is not part of the regular file system name space; rather, it is in its own dimension and is attached to ours via a worm-hole of function calls, such as openat(2) and attropen(3C).

An excellent discussion of extended attributes can be found in fsattr(5). The interface exists to support any extra attributes desired for files; for example, it can hold the non-UFS attributes of files that originate on other file systems. Other uses will be discovered over time.

The following demonstration should get to the point quickly. Here we create an innocuous file, tardis.txt, and copy (yes, copy) several other files into its extended attribute name space, purely as a demonstration.

   $ date > tardis.txt

   $ ls -l tardis.txt
   -rw-r--r--   1 user1    other          29 Apr  3 10:46 tardis.txt

   $ runat tardis.txt cp /etc/motd /etc/group /usr/bin/ksh .

   $ runat tardis.txt ls -l
   total 352
   -rw-r--r--   1 user1    other        286 Apr  3 10:47 group
   -r-xr-xr-x   1 user1    other     171396 Apr  3 10:47 ksh
   -rw-r--r--   1 user1    other         55 Apr  3 10:47 motd

   $ ls -l tardis.txt
   -rw-r--r--   1 user1    other          29 Apr  3 10:46 tardis.txt
   $ ls -@ tardis.txt
   -rw-r--r--@  1 user1    other          29 Apr  3 10:46 tardis.txt
   $
   $ du -ks tardis.txt
   184      tardis.txt

The runat tardis.txt ls -l command lists the contents of the extended attribute name space associated with tardis.txt, which now holds copies of three files. Note that the final ls -l tardis.txt shows no difference unless the -@ option is used (it displays "@" in the position where files with ACLs display "+"). The -@ option is new to ls(1), cp(1), tar(1) and cpio(1). The find(1) command has a -xattr option to locate files that have extended attributes. The demonstration also shows that du is extended-attribute aware: the 29-byte file accounts for 184 KB of disk space.

Copying the ksh file was deliberate, as it allows us to journey to another world:

   $ runat tardis.txt ./ksh
   cannot access parent directories
   $ ls -la
   total 33136
   drwxr-xr-x   2 user1    other        180 Apr  3 10:47 .
   -rw-r--r--   1 user1    other   16777245 Apr  3 10:52 ..
   -rw-r--r--   1 user1    other        286 Apr  3 10:47 group
   -r-xr-xr-x   1 user1    other     171396 Apr  3 10:47 ksh
   -rw-r--r--   1 user1    other         55 Apr  3 10:47 motd
   $ pwd
   cannot access parent directories
   $ cd ..
   ./ksh: ..: not a directory
   $ exit

Security-minded readers may imagine many entertaining abuses of extended attributes at this point. They can be turned off if needed: in Solaris 10 a -noxattr UFS mount option was added.
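As an added example, not code from the book, here is a small Python audit helper that parses the ls -@ and runat FILE ls -l output shown above, so an administrator can inventory which files carry an attribute directory and flag attribute entries that are executable or unusually large, as the ksh copy is. The sample strings are the session output from this section embedded as constants; the 64 KB size threshold is an assumption.

```python
import re
from collections import namedtuple

# One line of Solaris 'ls -l' / 'ls -@' output. After the 10-char mode field,
# Solaris prints '+' (ACL present), '@' (extended attributes present) or a space.
LS_LINE = re.compile(
    r"^(?P<mode>[-dlbcps][rwxsStTl-]{9})(?P<flag>[@+])?\s+\d+\s+\S+\s+\S+"
    r"\s+(?P<size>\d+)\s+\S+\s+\d+\s+\S+\s+(?P<name>.+)$"
)
Entry = namedtuple("Entry", "mode flag size name")  # flag is "@", "+" or ""

# Sample output, constructed from the session shown in the text above.
LS_AT_SAMPLE = "-rw-r--r--@  1 user1    other          29 Apr  3 10:46 tardis.txt"
RUNAT_LS_SAMPLE = """total 352
-rw-r--r--   1 user1    other        286 Apr  3 10:47 group
-r-xr-xr-x   1 user1    other     171396 Apr  3 10:47 ksh
-rw-r--r--   1 user1    other         55 Apr  3 10:47 motd
"""

def parse_ls(text):
    """Parse ls -l style lines; 'total N' and unparseable lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = LS_LINE.match(line.rstrip())
        if m:
            entries.append(Entry(m["mode"], m["flag"] or "", int(m["size"]), m["name"]))
    return entries

def files_with_xattrs(ls_at_output):
    """Names that 'ls -@' marks with '@', i.e. files owning an attribute directory."""
    return [e.name for e in parse_ls(ls_at_output) if e.flag == "@"]

def suspicious_attrs(runat_ls_output, size_limit=64 * 1024):
    """Attribute entries that are executable or exceed size_limit (assumed threshold)."""
    findings = []
    for e in parse_ls(runat_ls_output):
        reasons = []
        if any(c in "xs" for c in e.mode[1:]):
            reasons.append("executable")
        if e.size > size_limit:
            reasons.append(f"size {e.size} > {size_limit}")
        if reasons:
            findings.append((e.name, reasons))
    return findings

if __name__ == "__main__":
    # On Solaris the two samples would be replaced by real 'ls -@' output for
    # the files 'find / -xattr' reports, and 'runat FILE ls -l' for each hit.
    print("xattr files:", files_with_xattrs(LS_AT_SAMPLE))
    print("suspicious attribute entries:", suspicious_attrs(RUNAT_LS_SAMPLE))
```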
