Vulnerability Development mailing list archives
RE: How to hide a file ?
From: "Mike Theriault" <Mike_Theriault () Jabil com>
Date: Tue, 8 Jan 2002 13:31:47 -0500
Yes I can reduplicate this, but I'm not sure I see the relevance of using the POSIX subsystem on Win2K to hide a file. By the way, where did you get VI from? My latest version of Interix doesn't come with it or emacs. Mike Theriault -----Original Message----- From: Farahbakhshian, Mike (OD) [mailto:FarahbaM () OD NIH GOV] Sent: Tuesday, January 08, 2002 1:20 PM To: vuln-dev () security-focus com Subject: RE: How to hide a file ? More interesting behavior: The cygwin toolkit appears to be somewhat less braindead than Windows Explorer or CMD.EXE with handling ADS. (although still more braindead than it probably should be!) (tested with cygwin -- DLL version 1.3.6) 'rm' will in fact remove alternate data streams. 'ls -a' will not show the ads in a general directory listing; however, if you explicitly name the file, it will show it (whereas 'dir' will not). But globbing will not work. $ echo "Foo" > foo.txt $ echo "Bar" > foo.txt:bar.txt $ more foo.txt Foo $ more foo.txt:bar.txt Bar $ ls -al *.txt -rw-r--r-- 1 mfarah users 8 Jan 8 13:16 foo.txt $ ls -al foo.txt:bar.txt -rw-r--r-- 1 mfarah users 6 Jan 8 13:16 foo.txt:bar.txt $ ls -al foo.txt:bar* ls: foo.txt:bar*: No such file or directory $ rm foo.txt:bar.txt $ ls -al foo.txt:bar.txt ls: foo.txt:bar.txt: No such file or directory $ more foo.txt:bar.txt # note that this worked before foo.txt:bar.txt: No such file or directory I am testing to see whether the inode is actually unlinked and the space returned to free store. In addition, when a file is created using 'vi' and then an ADS is opened (with vi), a hidden file named .originalfilename is created. Not very interesting, given that vi is the only program I have tested that does this $ vi foo.txt (data entered) $ ls -a .f* ls: .f*: No such file or directory $ vi foo.txt:bar.txt (data entered) $ ls -al .f* -rw-r--r-- 1 mfarah users 0 Jan 8 13:23 .foo.txt Maybe the way that the POSIX subsystem accesses the FS somehow mitigates the effects of ADS? Can anyone else replicate this behavior using Cygwin? (or U/Win or Interix for that matter?) - Mike -----Original Message----- From: Altheide, Cory [mailto:CAltheide () broadband att com] Sent: Tuesday, January 08, 2002 12:30 PM To: vuln-dev () security-focus com Subject: RE: How to hide a file ? Just a quick note on hiding using data streams... While the streams themselves are transparent, creating an alternate data stream does alter the modified date of the "parent" file. Cory Altheide Internet Security Coordinator AT&T Broadband Legal Demands Center > -----Original Message----- > From: Jose Nazario [mailto:jose () biocserver BIOC cwru edu] > Sent: Tuesday, January 08, 2002 10:10 AM > To: Udi dahan > Cc: vuln-dev () security-focus com > Subject: Re: How to hide a file ? > > > On Tue, 8 Jan 2002, Udi dahan wrote: > > > I was wondering if there's a way to hide a file under windows 2000 > > server, so that it will not be seen when using "show hidden file", > > "show all files" and so on. I want to hide a file but I want to be > > able to run the file only when I know exactly where it is > and what is > > the file name. > > use the file streams. h carvey has written some nice documentation on > this: > http://patriot.net/~carvdawg/perl.html > http://www.chi-publishing.com/isb/backissues/ISB_2001/ISB0601/ > ISB0601HC.pdf > > an additional discussion is available on: > http://rr.sans.org/win/ADS.php > > enjoy, > > ____________________________ > jose nazario > jose () cwru edu > PGP: 89 B0 81 DA 5B FD 7E 00 99 C3 B2 CD > 48 A0 07 80 > PGP key ID 0xFD37F4E5 > (pgp.mit.edu) > >
Current thread:
- RE: How to hide a file ?, (continued)
- RE: How to hide a file ? Altheide, Cory (Jan 08)
- RE: How to hide a file ? Bryan Allerdice (Jan 08)
- RE: How to hide a file ? H C (Jan 08)
- RE: How to hide a file ? Farahbakhshian, Mike (OD) (Jan 08)
- RE: How to hide a file ? Altheide, Cory (Jan 08)
- RE: How to hide a file ? H C (Jan 08)
- RE: How to hide a file ? Oleg Kozitski (Jan 08)
- Re: How to hide a file ? Ryan Permeh (Jan 08)
- Re: How to hide a file ? Ron DuFresne (Jan 08)
- Re: How to hide a file ? Blue Boar (Jan 09)
- RE: How to hide a file ? H C (Jan 08)
- RE: How to hide a file ? Altheide, Cory (Jan 08)
- RE: How to hide a file ? Mike Theriault (Jan 08)
- RE: How to hide a file ? Matthew LaGrange (Jan 08)
- RE: How to hide a file ? John Stauffacher (Jan 08)
- RE: How to hide a file ? H C (Jan 09)
- Re: How to hide a file ? J. J. Horner (Jan 09)
- Re: How to hide a file ? H C (Jan 09)
- Re: How to hide a file ? J. J. Horner (Jan 09)
- Re: How to hide a file ? H C (Jan 09)
- Re: How to hide a file ? J. J. Horner (Jan 09)
- Re: How to hide a file ? H C (Jan 09)
- Re: How to hide a file ? J. J. Horner (Jan 09)
- RE: How to hide a file ? John Stauffacher (Jan 08)