[abusement2at_private: Win2K/NTFS messes file creation time/date]

From: sarnoldat_private
Date: Mon Jul 16 2001 - 09:27:38 PDT


    Greetings; I recall seeing some discussion about strange file timestamp
    behavior in this list recently, and thought the following exchange would
    be interesting. I found this in the bugtraq list.
    
    
    ----- Forwarded message from Acryl <abusement2at_private> -----
    From: "Acryl" <abusement2at_private>
    To: <bugtraqat_private>
    Subject: Win2K/NTFS messes file creation time/date
    Date: Wed, 11 Jul 2001 14:19:53 +0200
    
    Heyo all ...
    
    First of all I'm not too sure whether this actually belongs here and whether
    it has been posted already, so please excuse me if any of these two applies.
    Since it at least partly affects "data" integrity, I think posting it here
    is not all too wrong. I notified Microsoft about 2 weeks ago and received no
    response yet.
    
    I accidentally stumbled across this error when I made a program of mine
    create 3 text files containing different debug output. My explorer is set to
    detailed view showing: Creation time/date, Last modification time/date and
    last access time/date. This way the bug I'll describe is easy to recognize
    so I'd recommend setting it to the same properties when trying to reproduce
    this.
    
    When I ran my program the very first time it created the 3 text files and
    set all of the 3 values properly as they should.
    After viewing the files I deleted them (Shift + Del) by hand and reran the
    program.
    Again the 3 files were created, but the Creation time/date was set wrong,
    namely it was set to the very first creation time ( before I deleted them by
    hand ).
    Any following runs of the program produced the same results.
    
    The error was not reproducible with 100% certainty using the explorer only,
    but I found a way that causes the error to happen in most cases ( ~ 19 out
    of 20 ).
    
    Create a new directory somewhere on an NTFS partition.
    Create a text file (i.e. test1.txt ) using the context-menu.
    Wait until more than one minute passed and create a second text file named
    test2.txt.
    Now both files should show the correct creation time/date as it should be.
    Now delete test1.txt and rename test2.txt to test1.txt afterwards.
    Now the error should appear. While last access and last modification
    timestamps of former test2.txt should stay intact, the creation timestamp
    should change to the one of the ( now deleted ) test1.txt.
    
    This error also occurred when using files whose creation timestamps were
    differing by months.
    
    I tested this on several Win2K boxes with SP2 installed.
    
    - Kimon
    
    
    
    ----- End forwarded message -----
    
    
    Gerald Carter followed up with:
    
    ----- Cut-n-paste from a message from Gerald Carter <gcarterat_private> -----
    From: Gerald Carter <gcarterat_private>
    To: Acryl <abusement2at_private>
    Cc: <bugtraqat_private>
    Subject: Re: Win2K/NTFS messes file creation time/date
    
    This is known behavior.  There is a window during which the "sticky"
    behavior will occur. In fact, certain MS apps (e.g. Word) rely upon this
    behavior.
    
    ----- End cut-n-paste -----
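
For timeline work, the behavior discussed in this thread means a listed creation time can predate the moment a file actually appeared under its name. The following is an added example, not part of the original messages: it scans a constructed, simplified change log and flags names that were freed and then reused in the same directory within a short window. The record layout, the sample data and the 15-second window are assumptions for illustration.

```python
from datetime import datetime

# Assumed length of the "window" the thread mentions; adjust per system.
WINDOW_SECONDS = 15

# Constructed sample change log (hypothetical layout, not a real journal dump):
# (event time, directory, action, name, new name for renames)
EVENTS = [
    ("2001-07-11 14:00:00", r"C:\test", "create", "test1.txt", None),
    ("2001-07-11 14:02:00", r"C:\test", "create", "test2.txt", None),
    ("2001-07-11 14:05:00", r"C:\test", "delete", "test1.txt", None),
    ("2001-07-11 14:05:04", r"C:\test", "rename", "test2.txt", "test1.txt"),
    ("2001-07-11 14:30:00", r"C:\test", "delete", "debug.log", None),
    ("2001-07-11 14:45:00", r"C:\test", "create", "debug.log", None),
]

# Constructed creation times, as a directory listing would report them.
REPORTED_CREATED = {
    (r"C:\test", "test1.txt"): "2001-07-11 14:00:00",
    (r"C:\test", "debug.log"): "2001-07-11 14:45:00",
}

def _ts(text):
    return datetime.strptime(text, "%Y-%m-%d %H:%M:%S")

def find_inherited_creation_times(events, reported, window_seconds=WINDOW_SECONDS):
    """Flag names reused in a directory shortly after the name was freed."""
    freed = {}  # (directory, lowercased name) -> time the name was last removed
    findings = []
    for when, directory, action, name, new_name in sorted(events, key=lambda e: _ts(e[0])):
        t = _ts(when)
        if action in ("delete", "rename"):
            freed[(directory, name.lower())] = t  # the old name disappears
        appeared = {"create": name, "rename": new_name}.get(action)
        if appeared is None:
            continue
        removed_at = freed.get((directory, appeared.lower()))
        if removed_at is None:
            continue
        gap = (t - removed_at).total_seconds()
        if gap > window_seconds:
            continue
        created = reported.get((directory, appeared))
        findings.append({
            "path": directory + "\\" + appeared,
            "name_reused_at": when,
            "gap_seconds": gap,
            # True when the listed creation time predates the name's reuse
            "creation_predates_reuse": created is not None and _ts(created) < t,
        })
    return findings

if __name__ == "__main__":
    for finding in find_inherited_creation_times(EVENTS, REPORTED_CREATED):
        print(finding)
```

On the sample data only test1.txt is flagged: the name was reused 4 seconds after the delete, and its listed creation time is five minutes older than the rename that put it there.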
    



    This archive was generated by hypermail 2b30 : Mon Jul 16 2001 - 10:05:35 PDT