[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [SAGE] Re: Official sudosh announcement

To: sage-members@usenix.org (SAGE Members)
Subject: Re: [SAGE] Re: Official sudosh announcement
From: "Adam S. Moskowitz" <adamm@menlo.com>
Date: Fri, 1 Oct 2004 12:32:58 -0400 (EDT)
In-Reply-To: <82a71f8a04100109077e36c3bb@mail.gmail.com> from "Doug Hanks" at Oct 01, 2004 09:07:59 AM
Reply-To: adamm@menlo.com
Sender: owner-sage-members@usenix.org

On Fri, 1 Oct 2004 09:07:59, Doug Hanks <dhanks@gmail.com> wrote:
> Thanks for the feedback. I'll just ignore your attitude, because I
> know it runs rampant in the technical community.

Attitude or not, Bill has a very real, very valid, very serious point.

> sudosh provides accountability through syslog.

"[A]ccountability through syslog" is an oxymoron. syslog message are not
secure, are easily diverted/modified/falsified, fake messages can easily
be sent to the central log host, etc. This certainly wouldn't stand up
in court, and I seriously doubt that it would meet the SOx requirements.

> Nothing else out there does.

And with good reason: Using syslog for accounting is neither reliable
nor secure.

The basic idea of sudosh (a root shell with full logging) is good, but
it requires a better remote logging mechanism than syslog. Claiming that
sudosh, using syslog, would meet SOx requirements is at best
disingenuous, at worst negligent.

AdamM

Follow-Ups:
- Re: [SAGE] Re: Official sudosh announcement
  - From: Doug Hanks <dhanks@gmail.com>
- Re: [SAGE] Re: Official sudosh announcement
  - From: Josh Smith <irilyth@infersys.com>

References:
- Re: [SAGE] Re: Official sudosh announcement
  - From: Doug Hanks <dhanks@gmail.com>

Prev by Date: Re: [SAGE] Re: Official sudosh announcement
Next by Date: Re: [SAGE] Re: Official sudosh announcement
Prev by thread: Re: [SAGE] Re: Official sudosh announcement
Next by thread: Re: [SAGE] Re: Official sudosh announcement
Index(es):
- Date
- Thread