[301] in Coldmud discussion meeting

root meeting help first first in chain previous in chain previous next last

Re: log and time

daemon@ATHENA.MIT.EDU (Mon May 23 14:15:46 1994 )

Date: Mon, 23 May 1994 10:37:03 -0700
From: rayn@q.crossaccess.com (Ray Nawara jr.)
To: BRANDON@cc.usu.edu
Cc: coldstuff@MIT.EDU
In-Reply-To: <01HCLJW3Y3RMBWCEU7@cc.usu.edu> (message from the Lyncx on Sat, 21 May 1994 10:53:12 -0600 (MDT))


the Lyncx:
> You are afraid of somebody hacking out the time string, if it is in
> the database instead of the server.  However, if they did do this
> you would know when it happened anyhow, because up to n time strings
> would have a time stamp, then they wouldn't; but it would still be
> noticeable.  Anyhow, hacking security in ColdMUD is different than
> in MOO.  In MOO you must get a "wiz" bit.  In coldmud you simply
> have to gain access to $sys (once you can write to sys you can do
> anything).  If they have access to sys they can just turn _OFF_ the
> logging feature all together, which means that the difference
> between stamping times on it or not would make _NO_ difference.  I
> can understand the reason for a timestamp in MOO, because the server
> will call the log for various different things, but not in Cold,
> therefore there is no reason to even worry about it.

Mmm, sorry I was under the opinon that the log had practical
usefulness for security reasons, not just an informal diary of
connections. In my opinion some things should not be touched in DB,
and Logging is one of them. No reason not to worry about it? heh there
is if your paranoid and just found out that you cant even trust your
logfile. 

Take this for example:

hacker logs on, hacker breaks into sys, hacker turns off logging,
hacker makes an admin character. well, your doing a scan of the logs,
catch the hack into sys, and patch it. you still have an admin that is
a hacker running around, and may not see it for a while, especially if
he hides some things to avoid detection. Granted this is kinda
extreme, cus most hackers wont bother to be so sublte on a mud, but it
is plausable. I dont think logging should be changable at run-time in
ANY instance, except to hand-add a new log message. Of course, it wont
kill me because its the way it is, Im just not happy with it. 


	Ray / Ash