Re: [squid-users] A Logging question

From: Adrian Chadd <adrian@dont-contact.us>
Date: Fri, 10 Aug 2001 12:45:47 -0600

On Fri, Aug 10, 2001, Joe Cooper wrote:

>
> Hmmm... I don't know how the courts would feel about that (it's not my
> opinion that matters here). But, here's why it's not being logged: To
> Squid, an email with an attachment being sent to a webmail client is
> just another request. It logs the request sent to the server but not
> the posted material included in that request. This is a good thing, as
> your logs would get mighty big real fast otherwise--and you'd be setting
> yourself up for big privacy troubles.
>
> But, from a purely technical standpoint, you could probably hack Squid
> to pull out that file attachment data and log it. I doubt any of the
> regular developers would have any interest in such a project, but it
> could be done. I'm also unsure of the legal ramifications of this. I
> don't know how the courts would come down on the issue of whether a
> filename contained within a personal email is protected. I would think
> it would be, but it hasn't been tested in court as far as I know.

It would:

* suck to implement cleanly in the current codebase
* trivial to work around if someone _really_ wanted to get the data out.

<RANT>
Here's something I don't get. People would like totally secure internal
networks where they don't want data to get out at any costs, and yet
they run non-secure (I mean this in the non-Mandatory-Access_Control
non-secure meaning) workstations with Internet connectivity.

If you need this level of security, then you really should
investigate MAC/C2 level security on desktops/workstations/servers.
MAC/C2 level security tags *all* data going through a computer - to
the point where if you copy something from an xterm granted
to say, confidental, and then you wish to paste it to an xterm
(or browser!) thats running in the public access group,
the Operating System (I don't mean X, I mean the OS IPC here)
prevents it.

It doesn't prevent someone reading data and then typing it out,
but there isn't much you could do here besides not grant users
access to the internet.

If at the moment anyone is saying "crap!", go grab a copy of
Digital Unix, enable C2 security, and try it. Hell, the root
user loses all special privileges unless you explicitly grant
it some.

(Don't ask me to elaborate here - I played with it for 10 minutes
whilst evaulating it for one of the Alphaservers at my previous
job, and decided that the Admin overhead for the resources that
were allocated just wouldn't fit.)

In short, we could log this, but if someone were determined,
they would just have to wrap it up in some PGP encrypted file
named "holiday-in-brazil.jpg". If they were really clever
they'd send say, 100 photos, and have the PGP encrypted file
cut up and encoded in the optional data sections in the
gif/jpg.
</RANT>

With that said, if you'd like for one of us squid hackers to
look at implementing this kind of extended attachment logging
for you, by all means: send me some private email and we'll
discuss a price. :-)

Adrian
Received on Fri Aug 10 2001 - 12:45:48 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:01:34 MST