Filesystem file times (creation, modification, access) cannot be trusted because nonprivileged user processes can set them to arbitrary dates. One cannot securely do "find -mtime" to see what changed recently. Fix things so they are; upon thought, it seems not such an easy problem. How do you deal with e.g. "cp" and "mv"? Replacing a file with another, from one point of view, does count as a recent change, even if the content is old. But sometimes we do want the age of the content. Of course, version control systems somewhat deal with this.
We could have a very sophisticated access time log, recording not just the latest access but all "read" accesses (and writes?), including which bytes. Rather than attach the log to the file, it's probably better for the operating system to keep a central log (which also logs renames and copies? Again, never so easy.). Databases do this.
The computer clock may not always be trusted (e.g., battery failure), so it might be helpful to record time as both time according to the clock, and "number of clock cycles this operating system has ever operated since installed" with the counter saved to disk in between reboots.
No comments :
Post a Comment