Date: Thu, 29 Jan 2009 09:35:54 -0800
From: Bob Miller <[email protected]>
Horst, if you were serious about it, you could write a program to
change the date, touch the file, and change the date again. I'd be
surprised if the system time were changed for more than a millisecond.
OK, I declare defeat :-) -- at least as far as the hack approach is
concerned (as root!)
But yes, that's the best you can do. The ctime is not supposed to be
user-settable.
That's good to know, and that's what I was originally wondering: To what
extent can a regular user cover up malicious activity by also changing the
ctime, on a production machine. So David Duncan's and Ben's approaches
don't really apply.
In the meantime I found a related post from 'the other PLUG':
http://lists.netisland.net/archives/plug/plug-2007-01/msg00132.html
I don't think anyone has mentioned the utime() and utimes() system calls.
The latter lets you set a file's atime and mtime with microsecond resolution.
(How much of that resolution is actually stored depends on the filesystem.)
Interesting!
To what extent do standard commands, like stat or tar, actually support
floating point time stamps (or fractions of a second)? I always only
seem to see integers reported/stored.
- Horst
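
An added example, not part of the original message: a small C program for the two points raised in this thread. It shows that utimes() lets an unprivileged user backdate atime/mtime with microsecond precision, while the kernel stamps ctime with the current time, so the ctime/mtime gap stays behind as audit evidence. The scratch path under /tmp and the backdated timestamp are constructed for the demonstration, and the helper names are hypothetical.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE 1   /* mkstemp(), utimes(), st_mtim on glibc */
#endif
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <sys/stat.h>
#include <sys/time.h>

/* Constructed sample timestamp: 2001-09-09 01:46:40 UTC + 123456 us. */
#define BACKDATED_SEC  1000000000L
#define BACKDATED_USEC 123456L

/* Create a scratch file, backdate its atime/mtime with utimes(), and
 * return the resulting metadata in *out. Returns 0 on success, -1 on error. */
int backdate_and_stat(struct stat *out)
{
    char path[] = "/tmp/ctime-demo-XXXXXX";   /* hypothetical scratch path */
    int fd = mkstemp(path);
    if (fd < 0) return -1;
    close(fd);

    struct timeval tv[2] = {
        { BACKDATED_SEC, BACKDATED_USEC },    /* atime */
        { BACKDATED_SEC, BACKDATED_USEC },    /* mtime */
    };
    int rc = utimes(path, tv);                /* the call itself updates ctime */
    if (rc == 0) rc = stat(path, out);
    unlink(path);
    return rc;
}

/* Audit check: seconds by which ctime is later than mtime. A large gap
 * means the inode was changed long after the claimed modification time. */
long ctime_mtime_gap(const struct stat *st)
{
    return (long)(st->st_ctim.tv_sec - st->st_mtim.tv_sec);
}

int main(void)
{
    struct stat st;
    if (backdate_and_stat(&st) != 0) { perror("backdate_and_stat"); return 1; }
    /* tv_nsec shows how much sub-second resolution the filesystem kept. */
    printf("mtime %ld.%09ld\nctime %ld.%09ld\n",
           (long)st.st_mtim.tv_sec, (long)st.st_mtim.tv_nsec,
           (long)st.st_ctim.tv_sec, (long)st.st_ctim.tv_nsec);
    printf("ctime - mtime = %ld s\n", ctime_mtime_gap(&st));
    return 0;
}
```

A ctime later than mtime is also produced by ordinary operations such as chmod, rename, or restoring from an archive, so the gap is a lead to follow up, not proof of tampering.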