ti handle this, we could keep a gloal array of stat(2) structs as long as a file is opened,
then restore file atime/mtime on each write(2) or close(2) (write seems better).
of course, this feature must be enabled only for attacker (IS_ATTACKER)
NOTE: we must take into account the fact that the file could be opened concurently by some processes, loosing stat() information. For example, process P1 opens file F for write, then P2 opens F the same way. If P2 writes or closes the file BEFORE P1, it could be a problem that MUST be handled properly.
corefx
commented
8 years ago
ti handle this, we could keep a gloal array of stat(2) structs as long as a file is opened, then restore file atime/mtime on each write(2) or close(2) (write seems better).
of course, this feature must be enabled only for attacker (IS_ATTACKER)
NOTE: we must take into account the fact that the file could be opened concurently by some processes, loosing stat() information. For example, process P1 opens file F for write, then P2 opens F the same way. If P2 writes or closes the file BEFORE P1, it could be a problem that MUST be handled properly.