Snort mailing list archives

Re: chroot'd snort + flexresp


From: Chris Green <cmg () sourcefire com>
Date: Mon, 22 Jul 2002 10:39:55 -0400

David Wollmann <dwollmann () puttybox com> writes:

> Addendum:
>
> Rereading the source, I notice this at snort.c:303:
>
>     /* Drop privelegies if requested, when initialisation is done */
>     SetUidGid();
>
>     /* if we're using the rules system, it gets initialized here */
>     if(pv.use_rules && !conf_done)
>     {
>         /* initialize all the plugin modules */
>         InitPreprocessors();
>         InitPlugIns();
>         InitOutputPlugins();
>         InitTag();
>         ...
>
> I assume this means that privileges are dropped before attempting to set up the
> react plug-in, causing the code in sp_react.c to throw a fatal error.
>
> Is there any way to force snort to open the raw socket before dropping
> privs?

Move the Drop after the initializations, that's the way it used to be
and I sent out a request to see if anyone cared if I changed it back
to the old way. No one really did.
-- 
Chris Green <cmg () sourcefire com>
I've had a perfectly wonderful evening. But this wasn't it.
     -- Groucho Marx
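
Added example, not part of the original message or of Snort's source: the ordering discussed in this thread, sketched in C, where the step that needs root runs first and the privilege drop follows. The function names, the raw-socket opener standing in for the react plug-in's setup, and the target uid/gid 65534 are assumptions.

```c
#define _DEFAULT_SOURCE                 /* for setgroups() */
#include <grp.h>
#include <netinet/in.h>
#include <stdio.h>
#include <sys/socket.h>
#include <unistd.h>

/* Stand-in (assumed) for plug-in setup that needs root: a raw IP socket. */
int open_raw_socket(void)
{
    return socket(AF_INET, SOCK_RAW, IPPROTO_RAW);
}

/* Permanently become uid/gid. Returns 0 on success, -1 on failure. */
int drop_privileges(uid_t uid, gid_t gid)
{
    if (uid == 0)
        return -1;                      /* "dropping" to root is no drop */
    /* Groups first: after setuid() we may no longer change them. */
    if (geteuid() == 0 && setgroups(1, &gid) != 0)
        return -1;
    if (setgid(gid) != 0 || setuid(uid) != 0)
        return -1;
    /* The drop must be irreversible: regaining root has to fail. */
    return setuid(0) == 0 ? -1 : 0;
}

/* Privileged init first, drop second. Returns the open fd or -1. */
int init_then_drop(int (*privileged_init)(void), uid_t uid, gid_t gid)
{
    if (uid == 0)
        return -1;                      /* refuse before touching anything */
    int fd = privileged_init();
    if (fd < 0)
        return -1;                      /* e.g. EPERM when not started as root */
    if (drop_privileges(uid, gid) != 0) {
        close(fd);                      /* caller must treat this as fatal */
        return -1;
    }
    return fd;                          /* opened as root, still usable now */
}

int main(void)
{
    /* 65534 ("nobody" on many systems) is an assumed target account. */
    int fd = init_then_drop(open_raw_socket, 65534, 65534);
    printf("raw socket fd after drop: %d (uid now %d)\n", fd, (int)getuid());
    return fd < 0;
}
```

Swapping the two steps in `init_then_drop` reproduces the failure described above: the socket call then runs as the unprivileged user and is refused.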

