GitHub - mountainstorm/wormxattr: A write once, read many filesystem OSX kext. It uses the security policy module support within xnu; hooking filesystem operations to provide WORM functionality based on an extended attribute.

mountainstorm / wormxattr Public

Notifications You must be signed in to change notification settings
Fork 4
Star 11

A write once, read many filesystem OSX kext. It uses the security policy module support within xnu; hooking filesystem operations to provide WORM functionality based on an extended attribute.

11 stars 4 forks Branches Tags Activity

Star

Notifications

Branches Tags

Name		Name	Last commit message	Last commit date
Latest commit History 2 Commits
wormxattr.xcodeproj		wormxattr.xcodeproj
wormxattr		wormxattr
wormxattr_test.xcodeproj		wormxattr_test.xcodeproj
wormxattr_test		wormxattr_test
.gitignore		.gitignore
README.txt		README.txt
sysctl.conf		sysctl.conf

Repository files navigation

wormxattr
---------
A simple mach security policy extension which provides WORM (Write Once, Read Many) functionality. It makes use of vnode labels, which need to be enabled as early in the boot process as possible. To help you can stick the sysctl.conf file in /etc, install the driver and reboot.

To use, create a new directory and set the extended attribute "com.mountainstorm.Worm". Once this is done you can create files in the directory and read/write whilst you have that file handle open. Once you close the file handle you can only read (you can remove the xattr though)

wormxattr_test is a otest library which has a set of unit test to validate that the drivers working.

Issues
------
You may have a small issue in loading the driver (have a look in Console.app and look at messages from the early boot process - when other policy/sandbox drivers are loaded).

This is due to a hack I use to get loaded very very early in the boot process. OSX does a check against the copyright string etc before loading the driver. This code may have changed from when I wrote this. As such you can just remove the AppleSecurityExtension key from the kext's plist.

Note: this is from memory, it was 6 months ago I wrote this ... if that doesn;t work send me a message.

License (MIT style)
-------------------
Copyright (c) 2012 Mountainstorm

Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.

About

A write once, read many filesystem OSX kext. It uses the security policy module support within xnu; hooking filesystem operations to provide WORM functionality based on an extended attribute.

Readme

Activity

11 stars

3 watching

4 forks

Report repository