On 7/20/07, Scott Oertel [email protected] wrote:
I just don't see the problem really with having a script inside /root/bin, which is completely locked down to only the root user, which parses logs via a cron job. I just don't see the harm.
-Scott Oertel
If there was an unknown exploit in your log processing tool, and that hole could be exploited by inserting a string into one of the logs that was processed by your tool, a string could be inserted into the log some how -- inserting strings into logs is certainly possible with web server logs, for instance, that log the user agent, for instance -- the exploit could be exploited. This is "theoretical exploit" territory, of course, which is a kind of endless flat-earth sort of debate -- the question is, is "completely locking down" any computer program possible.