apr-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "William A. Rowe, Jr." <wr...@rowe-clan.net>
Subject Fw: file attribute questions
Date Tue, 21 Aug 2001 16:04:01 GMT
[forwarded to dev, where the discussion belongs]

----- Original Message ----- 
From: "Martin Kraemer" <Martin.Kraemer@Fujitsu-Siemens.com>
To: <new-httpd@apache.org>
Sent: Tuesday, August 21, 2001 9:43 AM
Subject: Re: file attribute questions


> On Tue, Aug 21, 2001 at 08:36:33AM +0200, Kraemer, Martin wrote:
> > Luckily there are VERY few programs which rely on the correct implementation
> > of the semantics of the ctime field.
> 
> I failed to give an example for a program which relies on the unix
> semantics for ctime.
> 
> Let's first recall that the *system* sets the value of the ctime field
> whenever *the system* makes a change to the inode. There is no function
> to manipulate the st_ctime value and set it to arbitrary values
> (unless you consider changing the hardware clock to arbitrary values
> an "interface").
> 
> Based on that fact, the value of the ctime field cannot be controlled
> by a non-super-user, and can be used to monitor changes to a file,
> for example:
>   - change in number of hard links to the file
>   - change in size, or inode allocations,
>   - but also, changing of the mtime or atime stamps (e.g. to "hide"
>     the malevolent modification of a /usr/sbin/sshd trojan)
> 
> And it is this functionality which is used for example by the
> well known tripwire program to monitor the integrity of important
> system files. A ctime change on a system file CAN point to trouble.
> 
>    Martin
> -- 
> <Martin.Kraemer@Fujitsu-Siemens.com>    |       Fujitsu Siemens
>        <martin@apache.org>              |   81730  Munich,  Germany
> 


Mime
View raw message