[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: ext3 hacked filesystem (by debian exim4 exploit) available for analy
Luke Kenneth Casson Leighton
Re: ext3 hacked filesystem (by debian exim4 exploit) available for analysis and bugreporting
Sat, 30 Jul 2011 14:03:34 +0100
On Sat, Jul 30, 2011 at 10:14 AM, Jim Meyering <address@hidden> wrote:
> Pádraig Brady wrote:
>> `strace lsattr ...` shows it calls ioctl (...FS_IOC_GETFLAGS...)
>> So there would be overhead.
>> The output of ls is fairly constrained too for compat reasons.
well if that rule has been broken once for selinux (adding extra
symbols) then it can be broken again.
> One way by which ls -l could inform us that a file has
> "attributes" like that would be via what POSIX calls the
> "optional alternate access method flag". Currently,
> it can be a space, a "+", or a ".":
i'd advocate, when the ls --color option is set, changing the
background to something attention-grabbing (e.g. red). it's far too
easy to miss an extra symbol otherwise, and "+", although intuitively
saying "there's more than meets the eye, here" is too similar to a
line of "-"s to really make people sit up and take notice. i'd
certainly go "oh look, there's a +, how pretty", but a + on a red
background i might just stop and think, "eh? i no unnerstan, let's
look up man page or call some friends".