Alternate data streams

In a computer file system, a fork is byte stream associated with a file system object. Every non-empty file must have at least one fork, and depending on the file system, a file may have one or more other associated forks, which in turn may contain primary data integral to the file, or just metadata. Unlike extended attributes, a similar file system feature which is typically limited in size, forks can be of arbitrary size, possibly even larger than the file's primary data fork. The size of a file is the sum of the sizes of each fork.

Implementations

Apple

Template:See File system forks are associated with Apple's Hierarchical File System (HFS).[1] Apple's HFS, and the original Apple Macintosh file system MFS, allowed a file system object to have several kinds of forks: a data fork, a resource fork, and multiple named forks.

The resource fork was designed to store non-compiled data that would be used by the system's graphical user interface (GUI), such as localisable text strings, a file's icon to be used by the Finder or the menus and dialog boxes associated with an application.[2] However the feature was very flexible, so additional uses were found, such as splitting a word processing document into content and presentation, then storing each part in separate resources. As compiled software code was also stored in a resource, often applications would consist of just a resource fork and no data fork.

One of HFS+'s most obscure features is that a file may have an arbitrary number of custom “named forks” in addition to the traditional data and resource forks. This feature has gone largely unused, as Apple never added support for it under Mac OS 8.1-10.3.9. Beginning with 10.4, a partial implementation was made to support Apple's extended inline attributes.

Until Mac OS X v10.4, users running the legacy Unix command line utilities (such as tar) included with Mac OS X would risk data loss, as the utilities were not updated to handle the resource forks of files until v10.4.[3]

Novell

Starting in 1985, Novell NetWare File System (NWFS), and its successor Novell Storage Services (NSS), were designed from the ground up to use a variety of methods to store a file's metadata. Some metadata resides in Novell Directory Services (NDS), some is stored in the directory structure on the disk, and some is stored in, as Novell terms it, 'multiple data streams' with the file itself. Multiple data streams also allow Macintosh clients to attach to and use NetWare servers.

Microsoft

In Microsoft's NTFS file system forks are known as Alternate Data Streams (ADS).[4] In 1993, Microsoft released the first version of the Windows NT operating system which introduced the NTFS file system. This file system includes support for multiple named forks as alternate data streams for compatibility with pre-existing operating systems that support forks. With Windows 2000, Microsoft started using alternate data streams in NTFS to store things such as author or title file attributes[5] and image thumbnails.[6] With Service Pack 2 for Windows XP, Microsoft introduced the Attachment Execution Service that stores details on the origin of downloaded files in alternate data streams attached to files, in an effort to protect users from downloaded files that may present a risk.[7]

Windows NT versions include the ability to use forks in the API, and some command line tools can be used to create and access forks, but they are ignored by most programs, including Windows Explorer and the DIR command. Windows Explorer copies forks and warns when the target file system does not support them, but only counts the main fork's size and does not list a file or folder's streams. The DIR command has been updated in Vista to include an option that will list forks.[8]

Forks are not supported by the .NET framework because the pathname parser disallows a colon character anywhere but right after a drive letter.

Sun

The Solaris operating system version 9 and later allows files to have "extended attributes", which are actually forks; the maximum size of an "extended attribute" is the same as the maximum size of a file, and they are read and written in the same fashion as files. Internally, they are actually stored and accessed like normal files, so their names cannot contain "/" characters and their ownership and permissions can differ from those of the parent file.

Version 4 of the Network File System supports extended attributes in much the same way as Solaris.

Possible security and data loss risks

When a file system supports different forks, the applications should be aware of them, or security risks can arise. Allowing legacy software to access data without appropriate shims in place is the primary culprit for such problems.

If the different system utilities (disk explorer, antivirus software, archivers, and so on), are not aware of the different forks, the following problems can arise:

  • The user will never know the presence of any alternate fork nor the total size of the file, just of the main data fork.
  • Computer viruses can hide in alternate forks on Windows and never get detected if the antivirus software is not aware of forks.
  • Data can be lost when sending files via fork-unaware channels, such as e-mail, file systems without support for forks, or even when copying files between file systems with forks support if the program that made the copy does not support forks or when compressing files with software that does not support forks.

See also

References

External links

  • MSDN Library: File Streams
  • FAQ: Alternate Data Streams in NTFS
  • Alternate Data Streams
  • Alternate Data Streams in Windows
This article was sourced from Creative Commons Attribution-ShareAlike License; additional terms may apply. World Heritage Encyclopedia content is assembled from numerous content providers, Open Access Publishing, and in compliance with The Fair Access to Science and Technology Research Act (FASTR), Wikimedia Foundation, Inc., Public Library of Science, The Encyclopedia of Life, Open Book Publishers (OBP), PubMed, U.S. National Library of Medicine, National Center for Biotechnology Information, U.S. National Library of Medicine, National Institutes of Health (NIH), U.S. Department of Health & Human Services, and USA.gov, which sources content from all federal, state, local, tribal, and territorial government publication portals (.gov, .mil, .edu). Funding for USA.gov and content contributors is made possible from the U.S. Congress, E-Government Act of 2002.
 
Crowd sourced content that is contributed to World Heritage Encyclopedia is peer reviewed and edited by our editorial staff to ensure quality scholarly research articles.
 
By using this site, you agree to the Terms of Use and Privacy Policy. World Heritage Encyclopedia™ is a registered trademark of the World Public Library Association, a non-profit organization.