[prev in list] [next in list] [prev in thread] [next in thread]
List: opensuse
Subject: Re: [opensuse] Re: Why are systemd's logs stored as binaries?
From: "Carlos E. R." <robin.listas () telefonica ! net>
Date: 2016-12-24 1:01:08
Message-ID: fabe209c-8ec9-55f7-7ea3-dd5c816dc79f () telefonica ! net
[Download RAW message or body]
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
On 2016-12-23 23:30, Greg Freemyer wrote:
> On Fri, Dec 23, 2016 at 5:05 PM, John Andersen <jsamyth@gmail.com>
> wrote:
>> The binary logs are certainly closer to something that is far
>> more tamper proof. The format and structure is documented, and
>> will be as readable in 2020 or 2120 as they are today. But if
>> you don't trust the process of printing them in human readable
>> form then all is for naught.
>
> The tamper proof nature is what I hoped this thread would be
> about.
True.
> I was hoping that people would provide reasons (or point at
> relevant web resources) why journald binary logs were preferred to
> traditional text logs.
Ok, lets think. A plain text log can not be tamperproof, because as
you know, it can be edited. It needs a cryptographic signature, and
this has to be added on each line as it gets written, not later as a
postprocess. It can be a checksum per line, then a paragraph signature
now and then that signs a number of lines preceding the signature block.
Plain text can be signed, yes. We do it on email. But the instant we
do that, that text becomes a binary: change a single "bit", change a
single letter, and the signature fails. Add a space, reformat, and it
fails. On normal text, it does not "change" by doing some minor edit.
Anyway.
A binary format has it easier to add checksums and validity checks to
the fields. It is easier to detect tampering. However, I do not know
if these checksums and signatures have been added already to the
journal. I read something about it long ago, but I have no links, only
vague recollections.
Thinking aloud, each log record could also have a signature block or a
checksum. Then I guess that every now and then a bunch of records
would need a big signature block, stored as a another record, but
calculated and written perhaps many minutes after they were written.
rsyslog has cryptographic modules. I do not know if for signing or for
encryption of logs.
- --
Cheers / Saludos,
Carlos E. R.
(from 13.1 x86_64 "Bottle" (Minas Tirith))
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (GNU/Linux)
iF4EAREIAAYFAlhdyNQACgkQja8UbcUWM1wuiAEAoQ7uv+qG/magiZkDWs7Tyei1
alYcC0uD9yVzCGJ02BsA/0D5Kqirqp+Qlbu2V9LtR3aMC31VzC8igv6BCGKX8jNX
=HrXc
-----END PGP SIGNATURE-----
--
To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org
To contact the owner, e-mail: opensuse+owner@opensuse.org
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic