Home | Contact Us | FAQ | Search & Site Map | Link to Us
Sign In | Join | Other 45 Sites in Network
Home
Discussion Groups
General
GeneralPortable MacsHardwareNetworking
Applications
Mac ApplicationsEudoraFirefox / MozillaInternet ExplorerOutlook ExpressMS OfficeEntourageExcelPowerPointWordVirtual PCMedia PlayerOther MS Products
Programming
Mac ProgrammingCodeWarriorPerl
Country Specific
Australian Mac GroupUK Mac Group

Mac Forum / General / General / October 2008


Tip: Looking for answers? Try searching our database.

Old solaris curmudgeon trying to learn OS X filesystem internals

Thread view: 
Enable EMail Alerts  Start New Thread
Thread rating: 
student.in.security@gmail.com - 03 Oct 2008 21:16 GMT
I am trying to get my knowledge of OS X up to the level of my old
knowledge of Solaris, for reasons of doing computer compromise
investigations.  I know about inodes, and the capabilities of the OS
calls that update the Create, Modify, and Access times for files and
directories.  It is important from a timeline analysis standpoint.  I
don't have a clue for OS X and their CINDs Catalog File, and Extents
overflow file.

Anyone have a reference to the internals of the OS X files system?
Anyone have a reference to the system calls that open files,
directories, etc.

Also, like Harlan Carvey, I like perl, and perl has an interface to
the "stat" call to dump the information about a posix inode (which of
course isn't an inode underneath), does anyone know of a lower level
equivalent for perl that doesn't go through the posix filter?

I will cross post this to the other investigations group, so if you
are like me, and a member of both groups, I apologize in advance.

Thanks in advance.

Jim
Reply to this Message
Tom Harrington - 04 Oct 2008 00:05 GMT
In article
<4f288a11-6def-4975-984f-0add1f590c68@i76g2000hsf.googlegroups.com>,

> I am trying to get my knowledge of OS X up to the level of my old
> knowledge of Solaris, for reasons of doing computer compromise
[quoted text clipped - 7 lines]
> Anyone have a reference to the system calls that open files,
> directories, etc.

You will be wanting a copy of "Mac OS X Internals", which you can read
about at <http://www.osxbook.com/>.  It may be slightly out of date but
it's the best all-around reference for the kind of information you're
seeking.  That web site also has a lot of good information.

Signature

Tom "Tom" Harrington
Independent Mac OS X developer since 2002
http://www.atomicbird.com/

Reply to this Message
hrh1818 - 04 Oct 2008 00:16 GMT
On Oct 3, 3:16 pm, student.in.secur...@gmail.com wrote:
> I am trying to get my knowledge of OS X up to the level of my old
> knowledge of Solaris, for reasons of doing computer compromise
[quoted text clipped - 19 lines]
>
> Jim

One possibility is the book Mac OS x Internals by Amt Singh.  The book
has one chapter on the HFS Plus file system, 110 pages long.  The
chapter includes a section on special files including 5 pages on the
Catalog File.   If you are near a Borders Book store you might see if
they have one in stock.  Some of the larger Borders that haven't
drastically cut their stock of programming books generally keep one on
hand.

Howard
Reply to this Message
hrh1818 - 04 Oct 2008 00:27 GMT
On Oct 3, 3:16 pm, student.in.secur...@gmail.com wrote:
> I am trying to get my knowledge of OS X up to the level of my old
> knowledge of Solaris, for reasons of doing computer compromise
[quoted text clipped - 19 lines]
>
> Jim

Another useful book is "Advanced Mac OS X Programming by Mark
Dalrymple and Aaron Hillegass.  This book has three chapters on the
API to the Mac OS X file system.

Howard
Reply to this Message
Malcolm - 04 Oct 2008 09:35 GMT
> I am trying to get my knowledge of OS X up to the level of my old
> knowledge of Solaris, for reasons of doing computer compromise
[quoted text clipped - 5 lines]
>
> Anyone have a reference to the internals of the OS X files system?
<http://developer.apple.com/technotes/tn/tn1150.html>
Reply to this Message
Wes Groleau - 04 Oct 2008 19:47 GMT
> I am trying to get my knowledge of OS X up to the level of my old
> knowledge of Solaris, for reasons of doing computer compromise
[quoted text clipped - 3 lines]
> don't have a clue for OS X and their CINDs Catalog File, and Extents
> overflow file.

sounds like you need Apple's documentation for the HFS+ filesystem,
along with the Open Source part of OS X that maps the BSD (ext3)
filesystem onto HFS+

Signature

Wes Groleau
  "Grant me the serenity to accept those I cannot change;
   the courage to change the one I can;
   and the wisdom to know it's me."
                               -- unknown

Reply to this Message
Jeffrey Goldberg - 05 Oct 2008 03:56 GMT
> sounds like you need Apple's documentation for the HFS+ filesystem,
> along with the Open Source part of OS X that maps the BSD (ext3)
> filesystem onto HFS+

BSD tends to use ufs.  It's Linux where ext3 is common.

I'm looking forward to when ZFS is fully stable and normal on both OS X
and FreeBSD so that I can have a common filesystem for the systems I use.

Cheers,

-j

Signature

Jeffrey Goldberg                     http://www.goldmark.org/jeff/
 I rarely read top-posted, over-quoting or HTML postings.
 http://improve-usenet.org/

Reply to this Message
Wes Groleau - 06 Oct 2008 03:20 GMT
>> sounds like you need Apple's documentation for the HFS+ filesystem,
>> along with the Open Source part of OS X that maps the BSD (ext3)
>> filesystem onto HFS+
>
> BSD tends to use ufs.  It's Linux where ext3 is common.

Oops, you're right.  Sorry.  My BSD machine happily serves files
to the Macs so well that I haven't even logged in on it in years.

Signature

Wes Groleau

  Promote multi-use trails in northeast Indiana!
  http://www.NorthwestAllenTrails.org/

Reply to this Message
Jeffrey Goldberg - 07 Oct 2008 19:30 GMT
> My BSD machine happily serves files to the Macs so well that I haven't
> even logged in on it in years.

Are you using NFS, Samba, or AFS?  I'd like to learn about such set-ups,
particularly if they are working well.

And when you say that you haven't logged in for years, I'm hoping that
that means that you've automated the process of performing security
updates.

Cheers,

-j

Signature

Jeffrey Goldberg                     http://www.goldmark.org/jeff/
 I rarely read top-posted, over-quoting or HTML postings.
 http://improve-usenet.org/

Reply to this Message
Wes Groleau - 08 Oct 2008 04:22 GMT
>> My BSD machine happily serves files to the Macs so well that I haven't
>> even logged in on it in years.
>
> Are you using NFS, Samba, or AFS?  I'd like to learn about such set-ups,
> particularly if they are working well.

NFS

> And when you say that you haven't logged in for years, I'm hoping that
> that means that you've automated the process of performing security
> updates.

Its OS is still back at FreeBSD 6.1 (mid-2006).
I'm not worried about its security.  Hacking that
machine requires hacking the router that accepts
no incoming connections, then hacking the Mac
(as up-to-date as 10.3.9 can get) or the fully
updated Kubuntu.  The BSD only provides file space
to the Macs.  It won't even talk to anyone else.

Signature

Wes Groleau

   Trying to be happy is like trying to build a machine for which
   the only specification is that it should run noiselessly.
                              -- unknown

Reply to this Message
 
Sign In
Join
My Latest Posts
My Monitored Threads
My Blog
My Photo Gallery
My Profile
My Homepage
Start New Thread
Enable EMail Alerts
Rate this Thread



©2008 Advenet LLC   Privacy Policy - Terms of Use
This website includes both content owned or controlled by Advenet as well as content owned or controlled by third parties.