On Aug 15, 2008, at 10:33 AM, Jason Coco wrote:
On Aug 15, 2008, at 11:11 , Jeff Johnson wrote:
Jason,
See the following threads for some discussion of these issues:
http://lists.apple.com/archives/Macnetworkprog/2008/Apr/msg00033.html
http://lists.apple.com/archives/Xcode-users/2008/Jul/msg00283.html
Interesting... thanks, Jeff. So I guess the answer is for speed/non-
sensitive cache
data, maybe confstr(_CS_DARWIN_USER_CACHE_DIR, path, length) is the
appropriate
call... and maybe for data that may need to actually reside in the
filevault, regardless of
speed, the return value from the Cocoa call is more appropriate (~/
Library/Caches)?
That sounds reasonable.
I would like to point out a couple of interesting things, though...
1) ~/Library/Caches is world writable too... so as long as you're
logged in, even if you have
your filevault armed, you're still gonna be somewhat vulnerable
to cache attacks.
This is incorrect, FileVault or not. Where do you get that idea?
2) The new temporary directory (returned the same by confstr
(_CS_DARWIN_USER_TEMP_DIR,...)
and NSTemporaryDirectory(...) is also outside the sphere of
filevault /and/ your files there
are not necessarily erased on log-out. I think it's cleaned up
with the computer boots (although it
may be deleted on shutdown, but I don't think so)... so if any
sensitive information were written to
the temp dir and the application relied on it being cleaned by
the OS, that could be an issue too if
your physical drive were compromised...
Too bad these aren't sysctl variables that could be set if security
were more important to the user
than performance... I checked the darwin source and the directories
returned by confstr(...) are
hard-coded into libc...
/Jason
Frankly, I've come to the conclusion that while FileVault is a nice
idea in theory, there's just no way for the FileVault user to protect
from developers -- whether Apple or third parties -- writing files to
the wrong place. Thankfully, it seems that we're finally getting some
full disk encryption solutions for the Mac. There is at least one
already on the market (Check Point), and apparently others are
working on it too (e.g., PGP announced something, but it's currently
vaporware, perhaps to stop people from buying Check Point).
-Jeff
_______________________________________________
Cocoa-dev mailing list ([email protected])
Please do not post admin requests or moderator comments to the list.
Contact the moderators at cocoa-dev-admins(at)lists.apple.com
Help/Unsubscribe/Update your Subscription:
http://lists.apple.com/mailman/options/cocoa-dev/archive%40mail-archive.com
This email sent to [EMAIL PROTECTED]
