Path: utzoo!attcan!utgpu!jarvis.csri.toronto.edu!mailrus!cs.utexas.edu!uunet!image.soe.clarkson.edu!news
From: mrd@sun.soe.clarkson.edu (Michael DeCorte)
Newsgroups: comp.unix.wizards
Subject: Re: Multiple Root ID's considered evil?
Message-ID: <MRD.89Sep20182750@sun.clarkson.edu>
Date: 20 Sep 89 22:32:49 GMT
References: <4157@buengc.BU.EDU> <1723@convex.UUCP>
	<1989Sep13.082607.981@twwells.com> <1738@convex.UUCP>
	<3812@helios.ee.lbl.gov> <9560@cadnetix.COM>
Sender: news@sun.soe.clarkson.edu
Distribution: usa
Organization: Clarkson University, Potsdam NY
Lines: 23
In-reply-to: rusty@cadnetix.COM's message of 19 Sep 89 22:31:21 GMT

In article <9560@cadnetix.COM> rusty@cadnetix.COM (Rusty Carruth) writes:

>However, I would like to remind you that, should someone become root
>who wishes to hide that fact, and should /var/log/authlog be someplace
>that the root-ed person can touch... well, lets just say that your
>log means nothing in this case, since root can go edit that file
 
True but sometimes is not a question of trust but I want a trail so
that I can say "Hey did you do this? Yeah... Well that ain't the way
to do it" (eg someone accidently blew away /dev/null and didn't
recreate it properly)

--

Michael DeCorte // H215-546-0497 W386-8164 Fax386-8252 // mrd@clutx.bitnet
2300 Naudain St. "H", Phil, PA 19146 // mrd@sun.soe.clarkson.edu
---------------------------------------------------------------------------
Clarkson Archive Server // commands = help, index, send, path
archive-server@sun.soe.clarkson.edu
archive-server%sun.soe.clarkson.edu@omnigate.bitnet
dumb1!dumb2!dumb3!smart!sun.soe.clarkson.edu!archive-server
---------------------------------------------------------------------------