Re: Suggestion: xtime as new inode attribute

[Simon Horman]

On Wed, Dec 16, 2009 at 07:57:30PM +0100, Daniel Poelzleithner wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> Hi,
> 
> I would like to suggest a new attribute for inodes in linux filesystems
> to record the last execution time of files.
> 
> The problem:
> 
> If a linux installation gets older and older, more and more programs get
> installed over time. Mostly to just test them for a particular problem
> and often the deinstallation is forgotten. To find out which packages
> are not used for a long time is currently quite impossible. The user may
> use program X which will run but not depend on program Y as a subprocess
> for example.
> 
> The solution:
> 
> I suggest a new inode attribute called xtime, which is like atime, but
> will only be updated when a file is executed. This would allow tracking
> of unused binaries and could be used with some clever algorithms in the
> cleanup program to find unused packages for removal or other cleanup
> purposes.
> It would also add an additional information in forensic analysis of
> hacked systems btw.

Given the existence of noatime and other related mount options
designed to mitigate the performance penalty related to atime,
adding xtime doesn't strike me as a particularly good idea.
I suspect there are easier ways to track when executables are
executed.
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/