Gerald Carter wrote: > > On Wed, 11 Jul 2001, Acryl wrote: > > > Again the 3 files were created, but the Creation time/date was set > > wrong, namely it was set to the very first creation time ( before I > > deleted them by hand ). Any following runs of the program produced the > > same results. > > This is known behavior. There is a window during which the "sticky" > behavior will occur. In fact, certain MS apps (e.g. Word) rely upon this > behavior. Known to who? Is it documented anywhere? The only documentation the vast majority of users have on NTFS is the online help that comes with windows. The obvious place that most people would look for this is the context-specific help on the file properties sheet accessed from Explorer, and all that says is "Displays the date and time on which the file or folder was created". It does not say "time on which the file, or another one with a similar name, was created". If it did then maybe we could call it "well-known" behaviour. Anyone involved in technical support or trouble shooting is likely to have the MS technet documentation. On my CD, chapter 17 of the "Windows 2000 Professional System Configuration and Management", on file systems, has a section on NTFS file attributes, which look like an obvious place to start. Also a section on the Change log. But there is no indication that "created" means anything different on NTFS than it did on FAT. I haven't found it in 3 or 4 other likely looking documents. As it is, all sorts of questions follow from it. What is the window? Where does NTFS store the information while the old file doesn't exist? (Is it the change journal? It isn't mentioned.) What happens to Word if someone accidentally or deliberately breaks the mechanism? The behaviour is easy to replicate as described, and I can also make it happen from the command line without bothering with all that mouse clicking. It sure looks like a bug or a vulnerability to me. Ken Brown
This archive was generated by hypermail 2b30 : Mon Jul 16 2001 - 09:06:29 PDT