Snort mailing list archives

chroot semantics fubar again in 1.8


From: Erik Fichtner <emf () servervault com>
Date: Wed, 11 Jul 2001 19:08:11 -0400

Why is it that chroot semantics in snort change every release? 

I invoke snort like so:

/usr/local/bin/snort -i fxp0 -c /etc/snort/snort.conf -D -o \
  -g 9999 -u 9999 -t /data/log -l /

In 1.7, this worked perfectly.  It put all my logs in /data/log, and the
snort process couldn't see anything else.  Which is almost how I wanted it.

Now, if I specify -t in 1.8, I get the following error:

Initializing rule chains...
ERROR: Unable to open rules file: /etc/snort/snort.conf or /etc/snort//etc/snort/snort.conf
Fatal Error, Quitting..


You're not seriously trying to tell me that I have to put my rules and my
configuration file with my database passwords into the chroot environment,
are you?  At that point, why am I chrooting?  Am I the only person who
wants the program to insulate itself against the possibility of an attacker
compromising it and tampering with the sensor software?






-- 
Erik Fichtner
Security Administrator, ServerVault, Inc.
703-333-5900
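
The startup order the message above asks for, as an added example that is not part of the original post and not Snort's code: open the configuration while the real filesystem is still visible, then chroot and drop to the unprivileged IDs. The function name and return codes are hypothetical; 9999 is the uid/gid from the poster's command line.

```c
#define _DEFAULT_SOURCE          /* exposes chroot() and setgroups() on glibc */
#include <grp.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <unistd.h>

/* Return codes (names are this example's own). */
enum { JAIL_OK = 0, JAIL_ECONF = -1, JAIL_ECHROOT = -2, JAIL_EPRIV = -3 };

/*
 * Open the config before the jail exists, then chroot and drop root.
 * The caller parses *conf_out afterwards; the file (and any passwords in
 * it) never has to be present under jail_dir. On JAIL_EPRIV the caller
 * must exit at once: the process may still hold root.
 */
int open_config_then_jail(const char *conf_path, const char *jail_dir,
                          uid_t uid, gid_t gid, FILE **conf_out)
{
    *conf_out = fopen(conf_path, "r");      /* 1. real filesystem view */
    if (*conf_out == NULL)
        return JAIL_ECONF;

    /* 2. Enter the jail; chdir so the cwd does not point outside it. */
    if (chroot(jail_dir) != 0 || chdir("/") != 0) {
        fclose(*conf_out);
        *conf_out = NULL;
        return JAIL_ECHROOT;
    }
    /* 3. Group list, then gid, then uid: only root may change groups. */
    if (setgroups(1, &gid) != 0 || setgid(gid) != 0 || setuid(uid) != 0)
        return JAIL_EPRIV;
    /* 4. If root can be regained, the drop did not take effect. */
    if (uid != 0 && setuid(0) == 0)
        return JAIL_EPRIV;
    return JAIL_OK;
}

int main(int argc, char **argv)
{
    FILE *conf;
    if (argc != 3) {
        fprintf(stderr, "usage: %s <config> <jail-dir>\n", argv[0]);
        return 2;
    }
    int rc = open_config_then_jail(argv[1], argv[2], 9999, 9999, &conf);
    printf("result: %d\n", rc);
    return rc == JAIL_OK ? 0 : 1;
}
```

Run as root, a successful call leaves the process confined to the jail directory with the config stream still readable; without root, the chroot step fails and the function returns JAIL_ECHROOT.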