Bugtraq mailing list archives

Write-only devices (Was read only devices)


From: pcl () foo oucs ox ac uk (Paul C Leyland)
Date: Fri, 21 Jun 1996 16:40:29 +0100


All the chat about mounting / and /usr read-only, with confusion over
whether it was to be done in hardware or software, reminds me of a
security device which ought to be well known and widely used but is
hardly ever implemented.

A write-only logger is incredibly useful when performing forensic work
after something has gone badly wrong.

At the last two FIRST workshops, the audience was asked who had a
hard-copy terminal as a system console.  In 1994, three people,
including myself, raised their hands.  In 1995, only one.  Me.

It is very difficult (though not impossible in general) to delete
printed log entries over the network.  Denial of service attacks, of
course, are always possible.

I do not know of any readily available write-only output device other
than printers these days.  There were advantages to paper tape and
punched cards which we have since lost.  It would probably be of general
interest to hear of large-capacity unoverwritable devices.  Note that
CD-R is *not* acceptable as currently implemented as it is too easy to
destructively overwrite what is already there.

Clarification for pedants: by write-only, I mean something which is
not readable, by the system performing the writing or, indeed, any other
connected system without having to physically remove the device and
re-connect it to a reading system.  Printer paper can be OCR'ed, but
unless the output is fed into an OCR system, it is unreadable.

Further, it must not be possible for anything to be deleted once
written, either by the writing system or by anything connected to it,
without having to physically remove, reconfigure and reconnect the
write-only medium.


Paul


