[prev in list] [next in list] [prev in thread] [next in thread] 

List:       opensuse
Subject:    Re: [opensuse] Re: Why are systemd's logs stored as binaries?
From:       "Carlos E. R." <robin.listas () telefonica ! net>
Date:       2016-12-24 1:01:08
Message-ID: fabe209c-8ec9-55f7-7ea3-dd5c816dc79f () telefonica ! net
[Download RAW message or body]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

On 2016-12-23 23:30, Greg Freemyer wrote:
> On Fri, Dec 23, 2016 at 5:05 PM, John Andersen <jsamyth@gmail.com>
> wrote:
>> The binary logs are certainly closer to something that is far
>> more tamper proof.  The format and structure is documented, and
>> will be as readable in 2020 or 2120 as they are today.  But if
>> you don't trust the process of printing them in human readable
>> form then all is for naught.
> 
> The tamper proof nature is what I hoped this thread would be
> about.

True.

> I was hoping that people would provide reasons (or point at
> relevant web resources) why journald binary logs were preferred to
> traditional text logs.

Ok, lets think. A plain text log can not be tamperproof, because as
you know, it can be edited. It needs a cryptographic signature, and
this has to be added on each line as it gets written, not later as a
postprocess. It can be a checksum per line, then a paragraph signature
now and then that signs a number of lines preceding the signature block.

Plain text can be signed, yes. We do it on email. But the instant we
do that, that text becomes a binary: change a single "bit", change a
single letter, and the signature fails. Add a space, reformat, and it
fails. On normal text, it does not "change" by doing some minor edit.

Anyway.

A binary format has it easier to add checksums and validity checks to
the fields. It is easier to detect tampering. However, I do not know
if these checksums and signatures have been added already to the
journal. I read something about it long ago, but I have no links, only
vague recollections.

Thinking aloud, each log record could also have a signature block or a
checksum. Then I guess that every now and then a bunch of records
would need a big signature block, stored as a another record, but
calculated and written perhaps many minutes after they were written.


rsyslog has cryptographic modules. I do not know if for signing or for
encryption of logs.

- -- 
Cheers / Saludos,

		Carlos E. R.

  (from 13.1 x86_64 "Bottle" (Minas Tirith))
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (GNU/Linux)

iF4EAREIAAYFAlhdyNQACgkQja8UbcUWM1wuiAEAoQ7uv+qG/magiZkDWs7Tyei1
alYcC0uD9yVzCGJ02BsA/0D5Kqirqp+Qlbu2V9LtR3aMC31VzC8igv6BCGKX8jNX
=HrXc
-----END PGP SIGNATURE-----

-- 
To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org
To contact the owner, e-mail: opensuse+owner@opensuse.org

[prev in list] [next in list] [prev in thread] [next in thread]