Honeypots mailing list archives
Re: honeyd on Solaris 9
From: Tobias Hahn <tobi_wan () gmx de>
Date: Thu, 07 Jul 2005 09:33:31 +0200
Hi, I think I found the reason why honeyd won't start: I used "truss honeyd..." (truss is like strace for Solaris) and it showed me that an EACCES error occurs when the child process tries to access the /dev/poll file descriptor which it inherited from its parent. Error message: PID 8682: open("/dev/poll", O_RDWR) = 3 ... 8683: pwrite(3, 0x000D89F0, 16, 0) Err#13 EACCES 8683: \0\0\00F\001\0\0\0\0\005\001\0\0 8683: ioctl(3, DP_POLL, 0xFFBFF548) Err#13 EACCES ... 8683: i o c t l : D P _ P O L L : P e r m i s s i o n d e n i e 8683: d 8683: write(2, "\n", 1) = 1 8683: _exit(0) 8682: _exit(0) Searching for a solution to this problem I found this (from http://sundocs.princeton.edu:8888/ab2/coll.40.6/REFMAN7/@Ab2PageView/57113): But the child process will have very limited access through this inherited /dev/poll file descriptor. Any attempt to write or do ioctl by the child process will result in an EACCES error. Has anybody here ever got honeyd to work on a solaris machine? Tobias gangadhar npk schrieb:
Just a thought. To confirm that libdnet might be causing problem, can you please try with writing a simple test case using libdnet which does an intf_open() on any of the interfaces. I don't have access to a solaris box currently, but I will also try it. Do share your results. Best regards Gangadhar -----Original Message----- From: Tobias Hahn <tobi_wan () gmx de> To: honeypots () securityfocus com Date: Fri, 01 Jul 2005 08:28:33 +0200 Subject: honeyd on Solaris 9 Hi, I started debugging honeyd wit gdb and I think I found at least one reason why it's not working like I want it to. I compared the Solaris debugging output with the Suse 9.2 debugging output and this is what I got: ===SuseLinux9.2=========>>>>========================= 3106 interface_initialize(honeyd_recv_cb); (gdb) step interface_initialize (cb=0x81a64c0) at interface.c:83 83 TAILQ_INIT(&interfaces); (gdb) 85 if ((intf = intf_open()) == NULL) (gdb) intf_open () at intf.c:123 123 if ((intf = calloc(1, sizeof(*intf))) != NULL) { (gdb) 124 intf->fd = intf->fd6 = -1; (gdb) 126 if ((intf->fd = socket(AF_INET, SOCK_DGRAM, 0)) < 0) (gdb) 137 return (intf); ========================<<<<========================= ===Solaris9=============>>>>========================= 3109 interface_initialize(honeyd_recv_cb); (gdb) interface_initialize (cb=0x1ef8c <honeyd_recv_cb>) at interface.c:83 83 TAILQ_INIT(&interfaces); (gdb) 85 if ((intf = intf_open()) == NULL) (gdb) 86 err(1, "intf_open"); (gdb) 85 if ((intf = intf_open()) == NULL) (gdb) 88 if_recv_cb = cb; (gdb) ========================<<<<========================= It seems to me that on Solaris there is a problem with opening the interface. intf_open() belongs to intf.c, which is one of the libdnet files. honeyd always ends just after 3205:fprintf(stderr, "Honeyd starting as background process\n"); 3206: if (daemon(1, 0) < 0) { 3207: unlink(PIDFILE); 3208: err(1, "daemon"); 3209: } line 3206 is the last one the gdb shows. I would really appreciate if somebody could help me with any of this. Thanks in advance, Tobias
Current thread:
- honeyd on Solaris 9 Tobias Hahn (Jul 01)
- <Possible follow-ups>
- Re: honeyd on Solaris 9 gangadhar npk (Jul 03)
- Re: honeyd on Solaris 9 Tobias Hahn (Jul 07)