[317] in Coldmud discussion meeting
Re: logging, fact and fiction
daemon@ATHENA.MIT.EDU (Tue May 24 14:12:11 1994)
Date: Tue, 24 May 94 11:08:03 PDT
From: weber@tungsten.seattle.geoworks.com (Eric Weber)
To: rayn@q.crossaccess.com (Ray Nawara jr.)
Cc: coldstuff@MIT.EDU
In-Reply-To: <9405241730.AA11029@q.crossaccess.com>
Ray Nawara jr. writes:
>
> GBH:
> > If all calls to $sys.eval, $sys.compile, and all methods on $sys
> > which modify .admins are logged, then Ray/Ash's scenario is
> > invalid. The time of modifying $sys.log and/or $sys.admins will be
> > in the log.
>
> Mmm, yeah if mods to log were logged (besides perhaps being
> recursive?) then you'd be able to see the hole.
>
It seems like a good idea to run an external program on the text dump
to watch for certain types of changes to $sys, such as changes to verb
code or security-related properties. This wouldn't give you any
information on precisely when or how a change occurred, but would give
you an out-of-db method for noticing an attack that slipped through
the log somehow.
Has anyone written such a program?
-- Eric
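
One way such an out-of-db check could look, as an added example that is not part of the original message or of Coldmud itself. The dump layout (`object`/`var`/`method` lines with a lone `.` ending each method body), the watched variable names and both sample dumps are constructed assumptions, not Coldmud's actual text dump format.

```python
import hashlib
import re

WATCHED_VARS = {"admins", "log"}  # assumed names of security-related variables

def digest(text):
    return hashlib.sha256(text.encode()).hexdigest()

def snapshot(dump_text, obj="sys"):
    """Map each method and watched variable of `obj` to a hash of its content."""
    items, current, method, body = {}, None, None, []
    for line in dump_text.splitlines():
        if method is not None:              # inside a method body
            if line == ".":                 # assumed end-of-method marker
                if current == obj:
                    items["method " + method] = digest("\n".join(body))
                method, body = None, []
            else:
                body.append(line)
        elif m := re.fullmatch(r"object (\w+)", line):
            current = m.group(1)
        elif m := re.fullmatch(r"method (\w+)", line):
            method = m.group(1)
        elif current == obj and (m := re.fullmatch(r"var (\w+) (.*)", line)):
            if m.group(1) in WATCHED_VARS:
                items["var " + m.group(1)] = digest(m.group(2))
    return items

def compare(old, new):
    """Return (kind, item) pairs for everything that differs between snapshots."""
    findings = []
    for key in sorted(old.keys() | new.keys()):
        if key not in old:
            findings.append(("added", key))
        elif key not in new:
            findings.append(("removed", key))
        elif old[key] != new[key]:
            findings.append(("changed", key))
    return findings

# Constructed sample dumps: the second has an extra admin and a method that no longer logs.
BASELINE = ("object sys\nvar admins [#2]\nvar log []\nmethod eval\n"
            "    if (!(sender() in admins)) throw(~perm);\n"
            "    log = log + [[time(), sender()]];\n.\n"
            "object room\nmethod look\n    return \"A room.\";\n.\n")
TAMPERED = BASELINE.replace("[#2]", "[#2, #57]").replace(
    "    log = log + [[time(), sender()]];\n", "")

if __name__ == "__main__":
    for kind, item in compare(snapshot(BASELINE), snapshot(TAMPERED)):
        print(kind, item)
```

The baseline snapshot has to be stored outside the database, where code running inside it cannot rewrite the hashes.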