RE: Win2K/NTFS messes file creation time/date

From: Mark Norman (mark.normanat_private)
Date: Mon Jul 16 2001 - 09:37:26 PDT


    <delurk>
    Hello all,
    
    Just wanted to provide y'all with some info.
    
    
    > > 
    > > On Wed, 11 Jul 2001, Acryl wrote:
    > > 
    > > > Again the 3 files were created, but the Creation time/date was set
    > > > wrong, namely it was set to the very first creation time ( before I
    > > > deleted them by hand ). Any following runs of the program produced the
    > > > same results.
    > > 
    > > This is known behavior.  There is a window during which the "sticky"
    > > behavior will occur. In fact, certain MS apps (e.g. Word) rely upon this
    > > behavior.
    > 
    > Known to who? Is it documented anywhere? 
    
    It's called file tunneling.......
    "The idea is to mimic the behavior DOS programs expect when they use the
    safe save method. They copy the modified data to a temporary file,
    delete the original and rename the temporary to the original. This
    should seem to be the original file when complete. Windows NT performs
    tunneling on both FAT and NTFS file systems to ensure long/short file
    names are retained when 16-bit applications perform this safe save
    operation. "
    
    It can also be disabled via the Registry so I'm pretty sure it's a
    feature.
    
    
    > 
    > Anyone involved in technical support or trouble shooting is likely to
    > have the MS technet documentation. 
    
    
    Or access to the internet ;)
    http://support.microsoft.com/support/kb/articles/Q172/1/90.asp?LN=EN-US&SD=gn&FR=0&qry=ntfs%20and%20timestamp&rnk=1&src=DHCS_MSPSS_gn_SRCH&SPR=WIN2000
    
    
    > On my CD, chapter 17 of the "Windows
    > 2000 Professional System Configuration and Management", on file systems,
    > has a section on NTFS file attributes, which look like an obvious place
    > to start. Also a section on the Change log. But there is no indication
    > that "created" means anything different on NTFS than it did on FAT. I
    > haven't found it in 3 or 4 other likely looking documents.
    > 
    > As it is, all sorts of questions follow from it. What is the window?
    
    By default it's 15 seconds
    
    > Where does NTFS store the information while the old file doesn't exist?
    
    The notorious Windows-Temporary files
    
    > (Is it the change journal? It isn't mentioned.) What happens to Word if
    > someone accidentally or deliberately breaks the mechanism?
    > 
    > The behaviour is easy to replicate as described, and I can also make it
    > happen from the command line without bothering with all that mouse
    > clicking. It sure looks like a bug or a vulnerability to me.
    > 
    > Ken Brown
    > 
    
    <relurk>
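
An added example, not part of the original message: a PowerShell script that reports the two registry values controlling tunneling and then deletes and recreates a scratch file inside and outside the window, to show whether the creation time is carried over. The registry value names are the ones documented in the Microsoft KB article linked in the message; the function names and scratch file names are hypothetical.

```powershell
# Added example: observe file tunneling and report the settings that control it.
# Function names and scratch file names are hypothetical; run as a normal user.
$fsKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\FileSystem'

function Get-TunnelSetting {
    param([string]$Name)
    # Returns $null when the value is absent, meaning the built-in default applies.
    $prop = Get-ItemProperty -Path $fsKey -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $prop) { $prop.$Name } else { $null }
}

function Test-Tunneling {
    param([string]$Path, [int]$GapSeconds)
    Set-Content -LiteralPath $Path -Value 'first'
    $first = (Get-Item -LiteralPath $Path).CreationTimeUtc
    Start-Sleep -Seconds 2              # make the two creations distinguishable
    Remove-Item -LiteralPath $Path
    Start-Sleep -Seconds $GapSeconds    # time during which the name does not exist
    Set-Content -LiteralPath $Path -Value 'second'
    $second = (Get-Item -LiteralPath $Path).CreationTimeUtc
    Remove-Item -LiteralPath $Path
    [pscustomobject]@{
        GapSeconds       = $GapSeconds
        FirstCreatedUtc  = $first.ToString('o')
        SecondCreatedUtc = $second.ToString('o')
        Tunneled         = ($first -eq $second)   # identical => old timestamp reused
    }
}

$age     = Get-TunnelSetting 'MaximumTunnelEntryAgeInSeconds'
$entries = Get-TunnelSetting 'MaximumTunnelEntries'
"MaximumTunnelEntryAgeInSeconds: " + $(if ($null -eq $age) { 'not set (default 15 s)' } else { $age })
"MaximumTunnelEntries:           " + $(if ($null -eq $entries) { 'not set (default)' } else { "$entries (0 disables tunneling)" })

# Use a separate file name per run so one run cannot tunnel into the next.
$window = if ($null -eq $age) { 15 } else { [int]$age }
Test-Tunneling -Path (Join-Path $env:TEMP 'tunnel-inside.txt')  -GapSeconds 1
Test-Tunneling -Path (Join-Path $env:TEMP 'tunnel-outside.txt') -GapSeconds ($window + 5)
```

With the default 15-second window described above, the first run is expected to report `Tunneled` as True and the second as False; anyone building a timeline from creation timestamps should record these settings alongside the evidence.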
    



    This archive was generated by hypermail 2b30 : Mon Jul 16 2001 - 13:37:53 PDT