[syslog-ng]sync question, feature request

Gregor Binder gbinder@sysfive.com
Mon, 22 Jan 2001 20:16:31 +0100


todd glassey on Mon, Jan 22, 2001 at 09:21:41AM -0800:

Todd,

> Jason - let me just answer your question here. "What is the problem with
> running NTP on the hosting system as a separate process from the Logger?" -
> The answer is that "Yes there is a problem and this is becuase as an
> evidentiary process, in systems that rely on separate services in the same
> hosting OS context, the quality of the results are always predicated against
> the Systems Admin."

assuming you integrate ntp functionality into syslog-ng - what stops me
from attaching a debugger to syslog-ng as root and modify data or code
to falsify timestamps? True, it's somewhat harder than just killing ntpd
and setting a wrong time manually, but it doesn't mean it cannot be
done.

Or did I get something wrong?

Regards,
  Gregor.

-- 
Gregor Binder  <gregor.binder@sysfive.com>  http://sysfive.com/~gbinder/
sysfive.com GmbH               UNIX. Networking. Security. Applications.
PGP id: 0x20C6DA55 fp: 18AB 2DD0 F8FA D710 1EDC A97A B128 01C0 20C6 DA55