The filesystem I was dealing with was NTFS. Can't explain why this value was changing. Only thoughts were disc caching and system virus scanners, though I couldn't explain why either of these would have this behavior...
As mentioned, I'm going back to the drawing board and see if I can get more info on this. My laptop has been rebuilt and HDD replaced (was failing), so much changed since behavior last seen. Cheers, Mark. > On 3 Dec 2015, at 9:07 AM, Paul Eggert <[email protected]> wrote: > >> On 12/02/2015 01:52 PM, Mark O'Keefe wrote: >> Is the mtime versus ctime security concern still relevant for a directory? > > Yes, because applications can set directory mtime values to whatever they > want, using system calls like utimensat. If an application backdates a > directory, tar could incorrectly think its contents unchanged, and could > therefore dump files incorrectly. This can matter if tar is being used for > incremental backups. > > Quite possibly you're right and tar could use yet another option to work > around this sort of file system misbehavior. But really, the file system > should get fixed, as tar's not the only program that assumes ctime is > reliable. >
