MOO-cows Mailing List Archive

RE: Logging and Security Hole.

Date: Wed, 31 Jan 1996 02:12:46 PST
From:
Andrew Wendt <powerpig@m-net.arbornet.org>
cc: "moo-cows@parc.xerox.com" <moo-cows@parc.xerox.com>
Content-Type: TEXT/PLAIN; charset=US-ASCII
In-Reply-To: <01BAEEF2.39BE9E80@wilsonr.ecs.ecsworld.com>

On Tue, 30 Jan 1996, C. Regis Wilson wrote:

> >Secondly, I'd like a way to log all commands that a grey listed site 
> >issues into the server log.. I think all I have to do is modify the 
> >$command_utils:do_huh, but I think that this would be a nice addition to 
> >the next LambdaCore.  Since Greylisting is suppose to be a warning of 
> >problems, have it log all commands from those sites..  Comments Welcome.
>
> I don't think you can do this without in-db parsing.  But,
> if it's in-db, it can be loop-holed or hacked.  You'd have
> to have the server log the commands in some way, but then
> (in my opinion) you violate the theory of "division of
> server and db".

I don't think $command_utils:do_huh is a good choice for this. This would 
probably work fine if you put it in #0:do_command:

su=$string_utils;
if ($login:graylisted(su:connection_hostname(connection_name(player))))
  server_log(tostr(su:nn(player),": ",argstr));
endif

Since :do_command returns false the server continues with the command
anyway. It has to call $login and $string_utils before every single 
command though, even if you're not being logged.

I don't think logging commands is a very nice thing to do in the first 
place anyway, and users should be notified at login if there is the 
possibility of it. Perhaps only log commands that match a certain pattern 
(all those starting with `@'?) would be nicer.

Something totally unrelated in case I'm wrong about how to log people, so
this message might still be worth something, here is something I've
wanted: 

with ($string_utils)
  x=:explode(argstr);
  y=.alphabet;
endwith

You get the idea. You don't have to specify $string_utils over and over 
if you use it a lot.

> >In Him, for Him
> >
> Is this one of those Christian subliminal messages?

TTFN
Andy

--
Which word doesn't belong:                                        Andrew Wendt
Christianity, Hypocrisy, Lies, Trickery, Sheep           powerpig@arbornet.org
"andy is the prince of darkness" -- draco      powerpig@mcmuse.mc.maricopa.edu

References:

RE: Logging and Security Hole.

From: "C. Regis Wilson" <wilsonr@ecsworld.com>

Prev: Re: Logging and Security Hole.
Next: Lookup process crash
Index: MOO-cows
Thread: MOO-cows

Home | Subject Index | Thread Index