Re: What's touching my executables?
I wrote: An increasing number of executables on that box are sporting ever newer mtimes. This appears to have been going on ever since the Jul 25 update. There is no clear pattern which executables are touched. md5 comparisons with previous backup levels (using a Jul 13 copy of md5) suggest that the executables have not been changed. I have updated the box (HEAD from Friday, alpha). The phenomenon still persists. I haven't observed any mtime changes on non-executable files. I'm running a small program that uses a kqueue(2) EVFILT_VNODE/NOTE_ATTRIB filter to watch for changes to /bin/*. During the last few hours some files there have changed their mtime without a kernel event being triggered. (An explicit touch(1) does trigger an event.) -- Christian naddy Weisgerber [EMAIL PROTECTED] To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-current in the body of the message
Re: What's touching my executables?
Will Andrews [EMAIL PROTECTED] writes: Probably the recent change (IIRC) that someone turned running an executable into a mtime change. Which change is that? /assar To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-current in the body of the message
Re: What's touching my executables?
On Thu, 2 Aug 2001, David Greenman wrote: On Thu, Aug 02, 2001 at 06:28:59PM +, Christian Weisgerber ([EMAIL PROTECTED]) wrote: Probably the recent change (IIRC) that someone turned running an executable into a mtime change. There was no such change. I proposed a change that would update the atime, but that was not committed because it has some bad side effects. I didn't see that. I saw when you objected to me fixing the bug many years ago :-). The atime update was too slow for executables on nfs filesystems. I only used it to reduce the number of non-conformances found by the NIST Posix test suite. There is now a PR about this bug (kern/25777) with a very broken patch in it (it assume that all filesystems are ufs and hacks on ufs's IN_ACCESS flag). Bruce To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-current in the body of the message
Re: What's touching my executables?
On Thu, Aug 02, 2001 at 06:28:59PM +, Christian Weisgerber ([EMAIL PROTECTED]) wrote: An increasing number of executables on that box are sporting ever newer mtimes. This appears to have been going on ever since the Jul 25 update. There is no clear pattern which executables are touched. md5 comparisons with previous backup levels (using a Jul 13 copy of md5) suggest that the executables have not been changed. For various reasons I consider it unlikely that I'm dealing with a security issue here, although I'm looking into that as well. Can anybody think of a technical explanation? Probably the recent change (IIRC) that someone turned running an executable into a mtime change. -- wca To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-current in the body of the message
Re: What's touching my executables?
Will Andrews [EMAIL PROTECTED] wrote: Probably the recent change (IIRC) that someone turned running an executable into a mtime change. That was about _atime_ and the discussion was still going on after I last updated the box. Besides, I verified that simply running an executable does not lead to an mtime change. -- Christian naddy Weisgerber [EMAIL PROTECTED] To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-current in the body of the message
