Fork (file system)
In a computer file system, a fork is byte stream associated with a file system object. Every non-empty file must have at least one fork, and depending on the file system, a file may have one or more other associated forks, which in turn may contain primary data integral to the file, or just metadata. Unlike extended attributes, a similar file system feature which is typically limited in size, forks can be of arbitrary size, possibly even larger than the file's primary data fork. The size of a file is the sum of the sizes of each fork.
File system forks are associated with Apple's Hierarchical File System (HFS). Apple's HFS, and the original Apple Macintosh file system MFS, allowed a file system object to have several kinds of forks: a data fork, a resource fork, and multiple named forks.
The resource fork was designed to store non-compiled data that would be used by the system's graphical user interface (GUI), such as localisable text strings, a file's icon to be used by the Finder or the menus and dialog boxes associated with an application. However the feature was very flexible, so additional uses were found, such as splitting a word processing document into content and presentation, then storing each part in separate resources. As compiled software code was also stored in a resource, often applications would consist of just a resource fork and no data fork.
One of HFS+'s most obscure features is that a file may have an arbitrary number of custom “named forks” in addition to the traditional data and resource forks. This feature has gone largely unused, as Apple never added support for it under Mac OS 8.1-10.3.9. Beginning with 10.4, a partial implementation was made to support Apple's extended inline attributes.
Until Mac OS X v10.4, users running the legacy Unix command line utilities (such as tar) included with Mac OS X would risk data loss, as the utilities were not updated to handle the resource forks of files until v10.4.
Starting in 1985, Novell NetWare File System (NWFS), and its successor Novell Storage Services (NSS), were designed from the ground up to use a variety of methods to store a file's metadata. Some metadata resides in Novell Directory Services (NDS), some is stored in the directory structure on the disk, and some is stored in, as Novell terms it, 'multiple data streams' with the file itself. Multiple data streams also allow Macintosh clients to attach to and use NetWare servers.
NTFS, the file system introduced with Windows NT 3.1, supports file system forks known as Alternate Data Streams (ADS). ADS originally meant to add compatibility with pre-existing operating systems that support forks. A computer program may be directed to open an ADS by specifying the name of ADS after a colon sign (:) in front of the file path. In spite of the support, most programs, including Windows Explorer and DIR command (before Windows Vista) ignore ADS. Windows Explorer copies ADS and warns when the target file system does not support them, but only calculates the main stream's size and does not list a file or folder's streams. DIR command in Windows Vista supports showing ADS. Windows PowerShell v3.0 and later supports manipulating ADS.
Windows 2000 uses ADS to store thumbnails in image files and summary information (such as title and author) in any file, without changing the main stream. With Windows XP, Microsoft realized that ADS is susceptible to loss when the files containing them are moved off NTFS-formatted volumes; thus Windows XP stores these information in the main stream whenever the file format supports it. Windows Vista discontinued support for adding summary information altogether, as Microsoft decided that these data are too sensitive for ADS to handle. But the use of ADS for other purposes did not stop. Service Pack 2 for Windows XP introduced the Attachment Execution Service that stores details on the origin of downloaded files in an ADS called zone identifier, in an effort to protect users from downloaded files that may present a risk. Internet Explorer and Windows 8 extended this function through SmartScreen. Internet Explorer also uses ADS to store favicons in Internet shortcut files.
The Solaris operating system version 9 and later allows files to have "extended attributes", which are actually forks; the maximum size of an "extended attribute" is the same as the maximum size of a file, and they are read and written in the same fashion as files. Internally, they are actually stored and accessed like normal files, so their names cannot contain "/" characters and their ownership and permissions can differ from those of the parent file.
Version 4 of the Network File System supports extended attributes in much the same way as Solaris.
Possible security and data loss risks
When a file system supports different forks, the applications should be aware of them, or security risks can arise. Allowing legacy software to access data without appropriate shims in place is the primary culprit for such problems.
If the different system utilities (disk explorer, antivirus software, archivers, and so on), are not aware of the different forks, the following problems can arise:
- The user will never know the presence of any alternate fork nor the total size of the file, just of the main data fork.
- Computer viruses can hide in alternate forks on Windows and never get detected if the antivirus software is not aware of forks.
- Data can be lost when sending files via fork-unaware channels, such as e-mail, file systems without support for forks, or even when copying files between file systems with forks support if the program that made the copy does not support forks or when compressing files with software that does not support forks.
- Apple (1996-07-02). "File Forks". Apple. Retrieved 2006-11-18.
- Bruce Horn. "The Grand Unified Model (1) - Resources". Folklore.org. Retrieved 2006-11-18.
- "Command-line Backup Solutions on Mac OS X". Apple. 2005-10-29. Retrieved 2006-11-18.[dead link]
- Microsoft. "Files and Clusters". Microsoft. Retrieved 2006-11-18.
- Law, Eric (8 September 2013). "Fun with Favicons". IEInternals. Microsoft. Retrieved 17 November 2013.
- Bart De Smet (2006-07-13). "Use Vista's DIR command to display alternate data streams". B# .NET Blog. Retrieved 2007-07-07.
- "FileSystem Provider (Windows PowerShell 3.0)". TechNet. Microsoft. 9 August 2012.
- Chen, Raymond (27 May 2011). "Why are custom properties created on Windows 2000 lost when I view the file from newer versions of Windows?". The Old New Thing. Microsoft. Retrieved 17 November 2013.
- Microsoft (2006-10-27). "Indexing service adds data streams to image files". Microsoft. Retrieved 2006-11-18.
- Chen, Raymond (1 May 2012). "What happened to the Summary information created on Windows 2000 and Windows XP?". The Old New Thing. Microsoft. Retrieved 17 November 2013.
- Bart De Smet (2005-08-19). "Demo of "Attachment Execution Service internals" in Windows XP SP2 and Windows Server 2003 SP1". B# .NET Blog. Retrieved 2006-11-18.
- Chen, Raymond (4 November 2013). "Manipulating the zone identifier to specify where a file was download from". The Old New Thing. Microsoft.
- MSDN Library: File Streams
- FAQ: Alternate Data Streams in NTFS
- Alternate Data Streams
- Alternate Data Streams in Windows