Snort mailing list archives
Re: Snort priv. drop and chroot before/after changing uid/gid
From: "Ed Borgoyn (eborgoyn)" <eborgoyn () cisco com>
Date: Fri, 11 Sep 2015 18:00:20 +0000
Hello Bill, Thanks for the Snort improvement suggestion. We will capture your feature request. Ed Borgoyn Cisco Snort Development Team From: Bill Parker <wp02855 () gmail com<mailto:wp02855 () gmail com>> Date: Thursday, September 10, 2015 at 5:09 PM To: "snort-devel () lists sourceforge net<mailto:snort-devel () lists sourceforge net>" <snort-devel () lists sourceforge net<mailto:snort-devel () lists sourceforge net>> Subject: [Snort-devel] Snort priv. drop and chroot before/after changing uid/gid Hi All, I ran into an instance where having snort set it's UID/GID before dropping priv/chroot can lead to a problem creating a .PID in /var/run, due to user permissions. I know this behavior was changed in reading the Snort Changelog, but perhaps a CLI switch could be added to write PID before changing to user/group, rather than afterwards? Bill p.s. - when this happens, the snort script daemon can't find the correct PID to kill is why I'm mentioning it :)
------------------------------------------------------------------------------
_______________________________________________ Snort-devel mailing list Snort-devel () lists sourceforge net https://lists.sourceforge.net/lists/listinfo/snort-devel Archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-devel Please visit http://blog.snort.org for the latest news about Snort!
Current thread:
- Snort priv. drop and chroot before/after changing uid/gid Bill Parker (Sep 10)
- Re: Snort priv. drop and chroot before/after changing uid/gid Ed Borgoyn (eborgoyn) (Sep 11)