Re: Question about directory for Application Caches
Re: Question about directory for Application Caches
- Subject: Re: Question about directory for Application Caches
- From: Jason Coco <email@hidden>
- Date: Fri, 15 Aug 2008 11:33:55 -0400
On Aug 15, 2008, at 11:11 , Jeff Johnson wrote:
Jason,
See the following threads for some discussion of these issues:
http://lists.apple.com/archives/Macnetworkprog/2008/Apr/msg00033.html
http://lists.apple.com/archives/Xcode-users/2008/Jul/msg00283.html
Interesting... thanks, Jeff. So I guess the answer is for speed/non-
sensitive cache
data, maybe confstr(_CS_DARWIN_USER_CACHE_DIR, path, length) is the
appropriate
call... and maybe for data that may need to actually reside in the
filevault, regardless of
speed, the return value from the Cocoa call is more appropriate (~/
Library/Caches)?
I would like to point out a couple of interesting things, though...
1) ~/Library/Caches is world writable too... so as long as you're
logged in, even if you have
your filevault armed, you're still gonna be somewhat vulnerable
to cache attacks.
2) The new temporary directory (returned the same by
confstr(_CS_DARWIN_USER_TEMP_DIR,...)
and NSTemporaryDirectory(...) is also outside the sphere of
filevault /and/ your files there
are not necessarily erased on log-out. I think it's cleaned up
with the computer boots (although it
may be deleted on shutdown, but I don't think so)... so if any
sensitive information were written to
the temp dir and the application relied on it being cleaned by
the OS, that could be an issue too if
your physical drive were compromised...
Too bad these aren't sysctl variables that could be set if security
were more important to the user
than performance... I checked the darwin source and the directories
returned by confstr(...) are
hard-coded into libc...
/Jason
Attachment:
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________
Cocoa-dev mailing list (email@hidden)
Please do not post admin requests or moderator comments to the list.
Contact the moderators at cocoa-dev-admins(at)lists.apple.com
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden