[317] in Coldmud discussion meeting

root meeting help first first in chain previous in chain previous next next in chain last in chain last

Re: logging, fact and fiction

daemon@ATHENA.MIT.EDU (Tue May 24 14:12:11 1994 )

Date: Tue, 24 May 94 11:08:03 PDT
From: weber@tungsten.seattle.geoworks.com (Eric Weber)
To: rayn@q.crossaccess.com (Ray Nawara jr.)
Cc: coldstuff@MIT.EDU
In-Reply-To: <9405241730.AA11029@q.crossaccess.com>

Ray Nawara jr. writes:
 > GBH:
 > > If all calls to $sys.eval, $sys.compile, and all methods on $sys
 > > which modify ,admins are logged, then Ray/Ashs senario is
 > > invalid. The time of modifying $sys.log and/or $sys,admins will be
 > > in the log.
 > Mmm, yoeh if mods to log were logged (besides perhaps being
 > recursive?) then you'd be able to see the hole.  

It seems like a good idea to run an external program on the text dump
to watch for certain types of changes to $sys, such as changes to verb
code or security related properties.  This wouldn't give you any
information on precisely when or how a change occurred, but would give
you an out-of-db method for noticing an attack that slipped through
the log somehow.

Has anyone written such a program?

-- Eric