开发者

how to write back to an existing file, ensuring the bits on the disk get overwritten in OS X

What API's开发者_如何学运维 Cocoa or Core Foundation, can I use to make sure that when I write back to a file that already exists on the storage device, that the bits get written over? The idea is to clear out the bits for security reasons.


In modern filesystems, there's no way to guarantee that you are overwriting the same physical location on disk -- the lack of that guarantee allows the filesystem to offer you better performance. You might be interested in reading this paper (PDF), appropriately titled Why secure delete doesn't work and no sensitive data should ever be stored unencrypted on disk (emphasis mine).

Consider also this warning from the shred manpage:

CAUTION: Note that shred relies on a very important assumption: that the file system overwrites data in place. This is the traditional way to do things, but many modern file system designs do not satisfy this assumption. The following are examples of file systems on which shred is not effective, or is not guaranteed to be effective in all file system modes:

  • log-structured or journaled file systems, such as those supplied with AIX and Solaris (and JFS, ReiserFS, XFS, Ext3, etc.)

  • file systems that write redundant data and carry on even if some writes fail, such as RAID-based file systems

  • file systems that make snapshots, such as Network Appliance's NFS server

  • file systems that cache in temporary locations, such as NFS version 3 clients

  • compressed file systems

That being said, there might be some way within Cocoa or Core Foundation to allow you to write to a specific head/cylinder/sector/etc. on a disk -- I'm not familiar enough with those APIs -- but I highly doubt it.


No such API exists. It would be much better to only store properly encrypted data on disk if you are worried about security.

0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜