[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [SAGE] -m

To: adamm@menlo.com
Subject: Re: [SAGE] -m
From: Doug Hanks <dhanks@gmail.com>
Date: Fri, 1 Oct 2004 10:09:00 -0700
Cc: SAGE Members <sage-members@usenix.org>
In-Reply-To: <20041001170041.67271EBF77@hexogen.explosive.net>
References: <82a71f8a041001094441817d2a@mail.gmail.com> <20041001170041.67271EBF77@hexogen.explosive.net>
Reply-To: Doug Hanks <dhanks@gmail.com>
Sender: owner-sage-members@usenix.org

Hi Adam,

Regarding your poor attitude:  you could be a very intelligent
individual, but when you do not know how to socially interact and
riddle your responses with personal insults, people such as myself are
blind to your logic.

I did not claim syslog was "secure."  I said that sudosh uses syslog
to log the input and output of a root shell and apply timestamps.

If you do not like syslog logging, please feel free to submit a sudosh
patch using another logging mechanism.

I understand how syslog works, i've read all of the source code for
it.  I also know it can be tampered with, just like anything else;
which goes back to my original question:  what would you recommend
that would provide better logging (that is somewhat standard on all
UNIX flavours) besides syslog?

Thanks in advance,

On Fri, 1 Oct 2004 13:00:00 -0400 (EDT), Adam S. Moskowitz
<adamm@menlo.com> wrote:
> 
> 
> On Fri, 1 Oct 2004 09:44:26, Doug Hanks <dhanks@gmail.com> wrote:
> > I see your attitude is just as worse as Bill's if not worse. I'll
> > assume this isn't the general attitude of SAGE?
> 
> I respectfully suggest you drop this part of your responses.
> 
> > Can you please explain another mechanism that is more secure than syslog,
> > and most importantly, impervious to tampering?
> 
> No, I won't. The point is simply that syslog is not secure, is not
> reliable, and is not resistant to tampering. Implying that it is, or
> that a system that relies on syslog would meet SOx requirements is, as
> both Bill and I have said, disingenuous.
> 
> I do not believe such a mechanism exists, at least, not as a coherent
> "system." (I could be wrong, as I'm not an expert -- although I am
> skilled enough to know that my assertions about syslog's lack of
> reliability and security are correct.) There are things that can be done
> to make syslog more secure, but those need to be done on a per-system
> basis, well outside the purview of sudosh.
> 
> > I would more than likely consider such an idea in my new release.
> 
> I strongly encourage you todo so. Ans again, I'm not saying you should
> in any way retract or downgrade sudosh as it now stands, but simply, to
> stop climing that its use of syslog makes it secure or reliable.
> 
> AdamM
> 
> 

-- 
- Doug Hanks = dhanks(at)gmail(dot)com

Follow-Ups:
- Re: [SAGE] -m
  - From: Cat Okita <cat@reptiles.org>

References:
- Re: [SAGE] Re: Official sudosh announcement
  - From: Doug Hanks <dhanks@gmail.com>
- [SAGE] -m
  - From: "Adam S. Moskowitz" <adamm@menlo.com>

Prev by Date: Re: [SAGE] Re: Official sudosh announcement
Next by Date: [SAGE] How did that "-m" get there?
Prev by thread: [SAGE] -m
Next by thread: Re: [SAGE] -m
Index(es):
- Date
- Thread