Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-68276

Standard log entries can be manipulated

XMLWordPrintable

    • MOODLE_35_STABLE, MOODLE_36_STABLE, MOODLE_37_STABLE, MOODLE_38_STABLE
    • MOODLE_38_STABLE
    • MDL-68276-replace-logs
    • Hide

      Covered by unit tests

       1) Run:

      php admin/tool/replace/cli/replace.php --search=randomstring1 --replace=randomstring2 --non-interactive

      2) Run:

      php admin/tool/replace/cli/replace.php --search=randomstring2 --replace=randomstring3 --non-interactive

      3) Visit: /report/loglive/index.php

      4) Confirm that the log entry for the first item still says 'The user with id '0' replaced the string 'randomstring1' with the string 'randomstring2' in the database.' and not 'The user with id '0' replaced the string 'randomstring1' with the string 'randomstring3' in the database.

      Show
      Covered by unit tests  1) Run: php admin/tool/replace/cli/replace.php --search=randomstring1 --replace=randomstring2 --non-interactive 2) Run: php admin/tool/replace/cli/replace.php --search=randomstring2 --replace=randomstring3 --non-interactive 3) Visit: /report/loglive/index.php 4) Confirm that the log entry for the first item still says 'The user with id '0' replaced the string 'randomstring1' with the string 'randomstring2' in the database.' and not 'The user with id '0' replaced the string 'randomstring1' with the string 'randomstring3' in the database.

      This is a bug in that a compromised admin account can use this to cover it's tracks to some degree.

      This was found while testing MDL-68193

      1) I did a search and replace, which is now correctly logged (see MDL-68193)

      2) But I can use the search and replace to manipulate the logs as well:

      3) Showing the now re-written logs:

      This isn't confined to this new event, you can replace anything in the logs.

       

       

       

       

        1. 0001-MDL-68276-admin-Skip-all-log-tables-in-db_replace.patch
          0.9 kB
          Brendan Heywood
        2. image-2020-03-27-22-46-02-826.png
          41 kB
          Brendan Heywood
        3. image-2020-03-27-22-47-14-819.png
          21 kB
          Brendan Heywood
        4. image-2020-03-27-22-47-33-079.png
          53 kB
          Brendan Heywood
        5. MDL-68276.jpg
          25 kB
          Anna Carissa Sadia

            brendanheywood Brendan Heywood
            brendanheywood Brendan Heywood
            Peter Burnett Peter Burnett
            Eloy Lafuente (stronk7) Eloy Lafuente (stronk7)
            Anna Carissa Sadia Anna Carissa Sadia
            Votes:
            1 Vote for this issue
            Watchers:
            8 Start watching this issue

              Created:
              Updated:
              Resolved:

                Estimated:
                Original Estimate - Not Specified
                Not Specified
                Remaining:
                Remaining Estimate - 0 minutes
                0m
                Logged:
                Time Spent - 2 hours, 15 minutes
                2h 15m

                  Error rendering 'clockify-timesheets-time-tracking-reports:timer-sidebar'. Please contact your Jira administrators.