I was just doing some thinking and I was wondering to myself - How do we know the metadata of a file is correct? What if some program modifies it? We have no actual data about the metadata itself and thus we would have no way of verifying its validity? Or do we? Are there any methods/programs we can use to validate them?
+2
A:
If you want to know that metadata is valid, have something you trust sign it and attach the signature as metadata. That way, you can know if it has been tampered with by validating the signature.
See the DKIM email-signing system. It's designed to be decentralized and can tolerate some changes to a message's headers without invalidating the signature completely (if so desired).
Borealid
2010-08-03 02:55:42
A:
How do we know the metadata of a file is correct? What if some program modifies it?
I am more specifically talking about OS-level metadata, such as creation date, access date, file size
The question is specious. OS-level metadata can't be "wrong".
If the access is "wrong"? Who says what's "wrong"? If the sysadmin changed the permissions, and you can't access it, then -- well -- you're out of luck, but the access is the access. Who defines "wrong"?
If the size is "wrong"? You change the size of a file by writing to it. Either you trust the OS to handle this, or -- well -- you get another job where you can worry about things like time not working, gravity not working, and OS not keeping track of resources.
If the creation date is "wrong"? There's no API to change this, so you have to trust the OS to maintain this.
If you're worried about super-complex virus-like software that can covertly overwrite inodes and dnodes in the OS, you have a bigger problem than "metadata". You have a virus corrupting the OS.
S.Lott
2010-08-03 15:42:48