R: [EROS-Arch] Error logging

Valerio Bellizzomi devbox@selnet.org
Wed, 26 Sep 2001 02:27:27 +0200 

> >
> > While I can see that the Apache developers, and the web site
administrator
> > need to consent, I don't see a technical way for me as a visitor to that
> > web site to have a say in log disclosure.
>
> I don't see this at all - why would the developer have to consent?
> Surely it is only the user(s) of the program and the system(s) it is
> hosted on that are involved - the developer just produced some source!
>
> Cheers,
>
> Ben.
>
> --
> http://www.apache-ssl.org/ben.html
>
> "There is no limit to what a man can do or how far he can go if he
> doesn't mind who gets the credit." - Robert Woodruff
> _______________________________________________
> eros-arch mailing list
> eros-arch@mail.eros-os.org
> http://www.eros-os.org/mailman/listinfo/eros-arch
>



Do the error log carries portions of the user's/developer's mental logic ?

Specifically for the levels of disclosure 2 and 3,

the error log can contain portions of the user's data and/or portions of the
logic path the user follows when operating the program,
this is valuable real usage info that can be used by debuggers and as a
user-behavior-model by test engines...
Depending on the given situation, the user could not be willing to
disclose that info to a third party, and he should be able to have a
say in log disclosure.

The system's administrator, could be willing to keep secret the
configuration of the program's instance he is running and maintaining, so if
that configuration can be retrieved in any way by examining the error log,
the system's administrator should be able to have a say in log disclosure.

The developer may also have some 'service log records' that he would keep
secret, as they are part of proprietary debug code (this is commonly used in
beta-releases of the software).

I believe that some coordinated authentication mechanism should be used for
log disclosure.
Such a mechanism should apply individually to each log entry by the mean of
a single 'entry type' byte.

I propose the following schema as an example:

entry type
00000001 = developer log record
00000010 = admin log record
00000100 = user log record

Using this schema a single log entry can be tagged to require 1, 2, or 3
entity authentication. The entry type can be combined so if a log entry is
tagged 00000111 it will require the authentication of all, the user, the
developer and the administrator.


val