Snort mailing list archives

Re: Snort priv. drop and chroot before/after changing uid/gid

From: "Ed Borgoyn (eborgoyn)" <eborgoyn () cisco com>
Date: Fri, 11 Sep 2015 18:00:20 +0000

Hello Bill,
  Thanks for the Snort improvement suggestion.  We will capture your feature request.
    Ed Borgoyn
    Cisco Snort Development Team

From: Bill Parker <wp02855 () gmail com<mailto:wp02855 () gmail com>>
Date: Thursday, September 10, 2015 at 5:09 PM
To: "snort-devel () lists sourceforge net<mailto:snort-devel () lists sourceforge net>" <snort-devel () lists 
sourceforge net<mailto:snort-devel () lists sourceforge net>>
Subject: [Snort-devel] Snort priv. drop and chroot before/after changing uid/gid

Hi All,

    I ran into an instance where having snort set it's UID/GID before dropping priv/chroot can lead to a problem 
creating a .PID in /var/run, due to user permissions.  I know this behavior was changed in reading the Snort Changelog, 
but perhaps a CLI switch could be added to write PID before changing to user/group, rather than afterwards?

Bill

p.s. - when this happens, the snort script daemon can't find the correct PID to kill is why I'm mentioning it :)

------------------------------------------------------------------------------

_______________________________________________
Snort-devel mailing list
Snort-devel () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-devel
Archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-devel

Please visit http://blog.snort.org for the latest news about Snort!

Current thread:

Snort priv. drop and chroot before/after changing uid/gid Bill Parker (Sep 10)
- Re: Snort priv. drop and chroot before/after changing uid/gid Ed Borgoyn (eborgoyn) (Sep 11)