The Journal - a proposed syslog replacement

Posted Nov 21, 2011 14:31 UTC (Mon) by nix (subscriber, #2304)
In reply to: The Journal - a proposed syslog replacement by elanthis
Parent article: The Journal - a proposed syslog replacement

> the attacker would have to rewrite the entire chain from the first message he wanted to modify.
Well, yes. The attacker has to read() and write() the whole thing from that point on anyway, since POSIX provides no write_and_shift_up() nor delete_and_shift_down() functions. Do you really think that rehashing will be hard on top of that? You could only detect that if you mirrored the logs onto some other system... in which case you might as well only mirror the hashes. Actually you might as well simply store the hashes on their own on a different machine, and use a conventional syslog, without the myriad instantly obvious downsides of this harebrained scheme.
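
The point argued in the comment above, as an added example that is not part of the original comment: a verifier that checks a hash chain only against the log file itself accepts a log that was rewritten and rehashed from the altered entry onward, while a hash kept on another machine does not match. The SHA-256 chain construction, the all-zero genesis value, the function names and the log lines are assumptions constructed for illustration, not the Journal's actual format.

```python
import hashlib

GENESIS = b"\x00" * 32  # assumed fixed starting value for the chain

def chain(messages):
    """Return [(message, link_hash)]; each link hash covers the previous hash and the message."""
    prev, out = GENESIS, []
    for msg in messages:
        prev = hashlib.sha256(prev + msg.encode()).digest()
        out.append((msg, prev))
    return out

def self_consistent(entries):
    """Verify the chain using only what is stored in the log file itself."""
    prev = GENESIS
    for msg, link in entries:
        prev = hashlib.sha256(prev + msg.encode()).digest()
        if prev != link:
            return False
    return True

def matches_anchor(entries, index, anchored_hash):
    """Compare link `index` with the copy of that hash held on another machine."""
    return index < len(entries) and entries[index][1] == anchored_hash

def audit(entries, index, anchored_hash):
    """Run the local check first, then the off-host check."""
    if not self_consistent(entries):
        return "chain broken"
    if not matches_anchor(entries, index, anchored_hash):
        return "anchor mismatch"
    return "ok"

# Constructed sample log lines.
original = chain([
    "sshd: accepted publickey for alice",
    "sudo: alice : COMMAND=/bin/sh",
    "cron: job 17 finished",
])
# Hash of the last entry, as recorded off-host at the time it was written.
anchor_index, anchor = 2, original[2][1]

# Second entry altered and every hash from there on recomputed.
rewritten = chain([original[0][0], "sudo: alice : COMMAND=/usr/bin/id", original[2][0]])
# Second entry altered but the stored hashes left untouched.
partial = [original[0], ("sudo: alice : COMMAND=/usr/bin/id", original[1][1]), original[2]]

if __name__ == "__main__":
    for name, log in (("original", original), ("partial", partial), ("rewritten", rewritten)):
        print(name, "->", audit(log, anchor_index, anchor))
```

Only the `rewritten` case needs the off-host hash to be caught; the local check alone reports it as valid.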



Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds