The Journal - a proposed syslog replacement
Posted Nov 21, 2011 14:31 UTC (Mon) by nix
In reply to: The Journal - a proposed syslog replacement
Parent article: The Journal - a proposed syslog replacement
the attacker would have to rewrite the entire chain from the first message he wanted to modify.
Well, yes. The attacker has to read() and write() the whole thing from that point on anyway, since POSIX provides no write_and_shift_up() nor delete_and_shift_down() functions. Do you really think that rehashing will be hard on top of that? You could only detect that if you mirrored the logs onto some other system... in which case you might as well only mirror the hashes. Actually you might as well simply store the hashes on their own on a different machine, and use a conventional syslog, without the myriad instantly obvious downsides of this hairbrained scheme.
to post comments)