Attributes of the file which can not be overwritten
 

Hi ,

I now know that the attributes of the file such as last write time last access time etc which sit in the struct stat for a file can be overwritten.

What are the attributes which can not be overwritten and if overwritten by malicious module, we can know that its overwritten.

Thanks for any input...

I mean to say,

What are the attributes of a file ,which, if changed would spoil the integrity of the file.

Say a user writes some thing to the file but modifies the last write time, but still the file is valid when we try to read the file and we cant perform any cross check to find this out.

are there any attributes for which such kind of cross check can be made.

sorry for again posting...

Thanks for any help...

Nothing that I know of.

What about the link count?

Link count does not have anything to do with the integrity of a file.

I'd think that invalidity would speak for itself. If you don't want a file that's all null characters, then finding one would be a faulty file. If it doesn't matter, then it's obviously of no concern. I suppose if you had a modification date of "100 March -256" that would be out of the ordinary, but I don't know if file times utilize all bits. That depends on the file system, I'm sure.

A bad link count would be a file system error, as I suppose an "invalidated" file would be. Normally fsck corrects that sort of thing. I guess changing the file's size to something that it isn't would be another way. Again, this all has to do with the file system itself, as the only way to truly corrupt a file is to alter the data it contains.
ta0kira

Very true. But none if the information in the inode has anything to do with file integrity. Hence, I had somehow assumed the OP was talking about the inode's integrity.