.dmg
From Wikipedia, the free encyclopedia
| DMG | |
 |
|
| File extension: | .dmg |
|---|---|
| MIME type: | application/octet-stream |
| Uniform Type Identifier: | com.apple.disk-image |
| Developed by: | Apple Computer |
A file with the extension .dmg (an abbreviation for disk image) uses a disk image format commonly found on Mac OS X. The format allows secure password protection as well as file compression and hence serves both security and file distribution functions. Its most common function is the distribution of software over the Internet. When opened, DMG files are "mounted" as a drive within the Finder.
DMG files can be easily created (with or without encryption) using utilities that are included in OS X: Disk Utility in Mac OS X v10.4 and 10.3 or Disk Copy in earlier versions. These utilities also use DMG files as images for burning CDs and DVDs. DMG files may also be managed via the command line using the hdiutil utility.
DMG files are published with a MIME type of application/octet-stream. As many web publishers tend to be less knowledgeable about Apple-specific file types, this MIME type is not set, often resulting in the user experience of attempting to download DMG files as text directly to the browser window, forcing the use of an option-click or a similar workaround to download the file. For this reason, DMG files may be distributed as bzip2 (.dmg.bz2) or ZIP (.dmg.zip) files. These wrappers typically don't compress the file further, but rather help ensure that the files are handled correctly by the server and browser software.
Utilities exist to convert DMG files into ISO images, however, DMG files do often contain other types of disk images such as HFS+ volumes.
With Mac OS X 10.2.3, Apple introduced Internet-Enabled Disk Images. With these images the contents of the disk image are automatically copied and the image file discarded.[1]
[edit] Vulnerability
On November 20, 2006 as part of the Month of Kernel Bugs project a vulnerability was identified with Mac OS X's handling of corrupted DMG files. Its discoverers believed this bug had the potential of allowing arbitrary code execution with privilege escalation. When combined with Safari's default handling of disk images, this could have caused code to be executed automatically with superuser privileges when visiting a web page.[2][3] This vulnerability was patched in Security Update 2007-003.[4]
[edit] See also
- Installer (Mac OS X)
- cloop, a similar disc image format designed for Linux LiveCDs
[edit] References
- Apple Developer Connection A Quick Look at PackageMaker and Installer
- O'Reilly Mac DevCenter Tip 16-5. Create a Disk Image from a Directory in the Terminal
