[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: ext3 hacked filesystem (by debian exim4 exploit) available for analy

From: Luke Kenneth Casson Leighton
Subject: Re: ext3 hacked filesystem (by debian exim4 exploit) available for analysis and bugreporting
Date: Sat, 30 Jul 2011 14:03:34 +0100

On Sat, Jul 30, 2011 at 10:14 AM, Jim Meyering <address@hidden> wrote:
> Pádraig Brady wrote:
> ...
>> `strace lsattr ...` shows it calls ioctl (...FS_IOC_GETFLAGS...)
>> So there would be overhead.
>> The output of ls is fairly constrained too for compat reasons.

 well if that rule has been broken once for selinux (adding extra
symbols) then it can be broken again.

> One way by which ls -l could inform us that a file has
> "attributes" like that would be via what POSIX calls the
> "optional alternate access method flag".  Currently,
> it can be a space, a "+", or a ".":

 i'd advocate, when the ls --color option is set, changing the
background to something attention-grabbing (e.g. red).  it's far too
easy to miss an extra symbol otherwise, and "+", although intuitively
saying "there's more than meets the eye, here" is too similar to a
line of "-"s to really make people sit up and take notice.  i'd
certainly go "oh look, there's a +, how pretty", but a + on a red
background i might just stop and think, "eh? i no unnerstan, let's
look up man page or call some friends".


reply via email to

[Prev in Thread] Current Thread [Next in Thread]