| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sat Dec 31 17:10:21 2005 From: eballen1 at qwest.net (Bruce Ediger) Subject: NTFS, broken by design? (was Re: Is this a Virus?) On Sat, 31 Dec 2005, Geo. wrote: > Actually not. If you fill an NTFS disk with files that are 1K or smaller it > forces the MFT to suck up the whole disk, small files are stored entirely in > the MFT instead of like larger files which have an MFT entry and a data > segment for storage area. Once that happens it's not possible to shrink the > MFT so the disk becomes useless for storing files larger than 1K even though > it shows as 90% empty and at the same time it allows the system to continue > running and spreading the virus. I believe that the model for NTFS was DEC's ODS-2, used in VAX/VMS, right? Did/does ODS-2 exhibit this same feature? ODS-2 didn't store data of small files in the file headers, as I recall. Also, has Microsoft change the implementation of "DIR" or the MFT? I seem to recall that appropriate flags to DIR would show you $MFT and $MBR and things like that, but I can't get that to work on the Windows XP boxes available to me. Booting Knoppix doesn't show me the MFT either, so, what's the scoop?
Powered by blists - more mailing lists