How can I make a file truly immutable (non-deletable and read-only)?

12,643

Solution 1

A way to be sure that these files aren't changed 'behind the scenes' would be to add a signature to the file.

To sign the file you could for example: Make a string with the whole content of the file + a secret password and calculate an SHA1-Hash of the string. Then add this hash on the first or last line of the file.

To check the signature: Read the file, remove the line with the hash, add the secret password, recalculate the hash and check if it is the same as the one in the file.

To calculate SHA-1-Hashes with Delphi you can for example use MessageDigests.
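
The sign-and-check procedure from Solution 1, as an added example that is not part of the original answer. It is in Python rather than Delphi and swaps in HMAC-SHA-256, the standard keyed-hash construction, for the SHA-1 of content plus password; the `#sig:` marker, the function names, the key and the sample content are assumptions constructed for illustration.

```python
import hashlib
import hmac

TAG_PREFIX = b"#sig:"           # hypothetical marker for the signature line
KEY = b"constructed-demo-key"   # constructed; a real key must not sit beside the file
SAMPLE = b"account=1001\nlimit=500\n"  # constructed sample file content


def _tag(body: bytes, key: bytes) -> bytes:
    """Hex HMAC-SHA-256 of the body under the secret key."""
    return hmac.new(key, body, hashlib.sha256).hexdigest().encode("ascii")


def sign(content: bytes, key: bytes) -> bytes:
    """Return the content with the signature appended as its last line."""
    if not content.endswith(b"\n"):
        content += b"\n"
    return content + TAG_PREFIX + _tag(content, key) + b"\n"


def verify(signed: bytes, key: bytes) -> bool:
    """True only if the last line is a valid tag over everything before it."""
    body, newline, last = signed.rstrip(b"\r\n").rpartition(b"\n")
    if not last.startswith(TAG_PREFIX):
        return False  # signature line missing, stripped, or not last
    claimed = last[len(TAG_PREFIX):].strip()
    # Constant-time comparison avoids leaking how many characters matched.
    return hmac.compare_digest(claimed, _tag(body + newline, key))


if __name__ == "__main__":
    signed = sign(SAMPLE, KEY)
    print(verify(signed, KEY))                                      # untouched file
    print(verify(signed.replace(b"limit=500", b"limit=900"), KEY))  # edited content
    print(verify(SAMPLE, KEY))                                      # signature removed
```

A passing check shows only that the content matches what the key holder signed: it detects changes rather than preventing them, and it holds only while the key stays out of reach of anything able to write the file.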

Solution 2

This is one of the "what would happen if that were true?" questions. It has nothing to do with the operating system; the points apply equally to any general purpose computer.

Imagine that there were a way to somehow create an immutable file.

  • What's there to stop someone from filling up a file system with an immutable file (or many of them)?

  • What if someone were to create immutable files with pathnames the operating system needs (Windows example - NTUSER.DAT for some user, *nix example - /bin/ls, etc.)?

  • What if the operating system decides it must move the file (e.g., while defragmenting or otherwise reorganizing the file system)?

  • What if a piece of malware replaces a system file with a copy of itself then makes that file immutable to prevent anyone from ever cleaning the system?

I feel the question is incomplete as it is now. Could you edit it to include more details about the underlying problem you're trying to solve?

Solution 3

You can't do that, for the simple reason that you shouldn't ever be allowed to anyway. As Mihal pointed out, this has the potential to wreak havoc on a computer.

Programming Ethics 101: If your program is going to run on someone else's computer, remember that it's their property, not yours. That means they have the right to modify and/or delete anything they want to. Try to treat the system like your property, and they'll treat your program like malware.

Probably the best solution, if you need to make certain that a file will be available, is Massif's idea to embed it within your program as a resource. That way, nothing short of someone tampering with the EXE will stop you from having it available, and if that does happen, you've got bigger problems to worry about anyway.

Solution 4

Burn a CD.

Solution 5

Buy a PROM and a microcontroller programmer kit, and burn your file into the ROM...

Author: John Thomas

Updated on June 08, 2022

Comments

  • John Thomas, almost 2 years

    I need to make a file truly read only - to keep it as is. No delete, no nothing.

    (Setting the 'ReadOnly' attribute isn't an option)

    I see now some approaches:

    1. Use a program to keep the file open. Drawback: One can kill the process and then the file closes.

    2. Use a program to set the security attributes. Drawback: The file can be deleted. Also, the attributes can be changed back.

    Any ideas? Also, sample code (preferably in Delphi) would be appreciated.

    UPDATE: Thanks to all answers so far. They are really great. I realize that I wasn't very clear. The problem which we want to solve is this:

    There are some .txt-like files which contain sensitive information. Our clients want to be sure that these files aren't changed 'behind the scenes' on their computers. We should mention that their PCs can be infected easily with malware specifically targeted to do this thing. Our clients should be able to open these files with Notepad, Wordpad etc. but they accept that the files are Read Only. If any of our clients take a decisive action like entering 'Safe Mode' etc. and tampering with the files from there, that is their responsibility. We should guard them from any malware, including a zero-day attack. (Hence a classical Antivirus solution isn't so appropriate).

    Can you now give some ideas?

    PS: My most sincere apologies once again for not being so clear from the beginning.