Snort mailing list archives
Re: chroot'd snort + flexresp
From: Chris Green <cmg () sourcefire com>
Date: Mon, 22 Jul 2002 10:39:55 -0400
David Wollmann <dwollmann () puttybox com> writes:
Addendum: Rereading the source, I notice this at snort.c:303:

    /* Drop privelegies if requested, when initialisation is done */
    SetUidGid();

    /* if we're using the rules system, it gets initialized here */
    if(pv.use_rules && !conf_done)
    {
        /* initialize all the plugin modules */
        InitPreprocessors();
        InitPlugIns();
        InitOutputPlugins();
        InitTag();
        ...

I assume this means that privileges are dropped before attempting to set up the react plug-in, causing the code in sp_react.c to throw a fatal error. Is there any way to force snort to open the raw socket before dropping privs?
Move the Drop after the initializations, that's the way it used to be and I sent out a request to see if anyone cared if I changed it back to the old way. No one really did.

--
Chris Green <cmg () sourcefire com>
I've had a perfectly wonderful evening. But this wasn't it.
    -- Groucho Marx
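The ordering discussed in this thread (open the privileged resource first, then drop root and confirm the drop cannot be undone), as an added example that is not Snort's code and not part of either message. The functions `open_raw_socket`, `drop_privileges` and `start_sensor` and the id 65534 are hypothetical names and values chosen for illustration.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE 1 /* exposes setgroups() on glibc */
#endif
#include <grp.h>
#include <netinet/in.h>
#include <stdio.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <unistd.h>

/* Stand-in for the react plug-in's setup: a raw socket needs root
 * (or CAP_NET_RAW on Linux), so it must be opened before the drop. */
static int open_raw_socket(void) {
    return socket(AF_INET, SOCK_RAW, IPPROTO_TCP);
}

/* Permanently switch to an unprivileged uid/gid. 0 on success, -1 on failure. */
static int drop_privileges(uid_t uid, gid_t gid) {
    if (uid == 0 || gid == 0) return -1;           /* root target is not a drop */
    if (geteuid() == 0 && setgroups(1, &gid) != 0) /* shed root's extra groups */
        return -1;
    if (setgid(gid) != 0) return -1;               /* gid first, while still root */
    if (setuid(uid) != 0) return -1;
    if (getuid() != uid || geteuid() != uid || getgid() != gid || getegid() != gid)
        return -1;
    return setuid(0) == 0 ? -1 : 0;                /* root must not be regainable */
}

/* Privileged initialisation first, then the drop.
 * Returns 0 on success, -1 if the socket failed, -2 if the drop failed. */
static int start_sensor(uid_t uid, gid_t gid, int *raw_fd) {
    *raw_fd = open_raw_socket();
    if (*raw_fd < 0) return -1;
    if (drop_privileges(uid, gid) != 0) {          /* never continue as root */
        close(*raw_fd);
        *raw_fd = -1;
        return -2;
    }
    return 0;                                      /* fd stays usable after the drop */
}

int main(void) {
    int fd;
    /* 65534 is a constructed "nobody"-style id; substitute the sensor's account. */
    int rc = start_sensor(65534, 65534, &fd);
    printf("start_sensor -> %d, uid now %d, raw fd %d\n", rc, (int)getuid(), fd);
    return rc == 0 ? 0 : 1;
}
```

Run as root, the socket is opened with full privileges and remains usable after the process has become the unprivileged user; run the other way round, the `socket()` call fails, which is the fatal error described in the quoted message.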