Snort mailing list archives

Re: resp and root


From: Chris Green <cmg () sourcefire com>
Date: Tue, 04 Feb 2003 12:09:33 -0500

Paul Schmehl <pauls () utdallas edu> writes:

Has anyone found a different way to open a raw socket through libnet
other than running snort as root?  I want to try tcp resets, but I'm not
too keen on running snort as root.  Any wrapper scripts that could be
used for this purpose?  Is there any consideration for getting snort to
start as root and then drop privileges after it has the socket open?


The snort privilege dropping code doesn't have a hook for plugins to
use before and after privs are dropped.

It'd be nice but if you really want to do that, you can always hack in
some cap bits for raw sockets depending on your platform.
-- 
Chris Green <cmg () sourcefire com>
Fame may be fleeting but obscurity is forever.
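
Added example, not part of the original message and not Snort's own code: one way the "cap bits" approach can look on Linux, where a process started as root switches to an unprivileged user but keeps only CAP_NET_RAW so it can still open raw sockets. The function names and the uid/gid 65534 are assumptions for illustration.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE
#endif
#include <grp.h>
#include <linux/capability.h>
#include <stdio.h>
#include <string.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <sys/types.h>
#include <unistd.h>

/* Build a v3 capability set holding only `cap` (permitted + effective, not inheritable). */
void only_cap(struct __user_cap_data_struct d[2], int cap)
{
    memset(d, 0, 2 * sizeof d[0]);
    d[CAP_TO_INDEX(cap)].permitted = CAP_TO_MASK(cap);
    d[CAP_TO_INDEX(cap)].effective = CAP_TO_MASK(cap);
}

/* Hypothetical helper: call once at startup while still root.
 * Returns 0 on success, -1 if any step fails (caller should exit). */
int drop_root_keep_net_raw(uid_t uid, gid_t gid)
{
    struct __user_cap_header_struct h = { _LINUX_CAPABILITY_VERSION_3, 0 };
    struct __user_cap_data_struct d[2];

    if (uid == 0 || gid == 0) return -1;            /* refuse to "drop" to root */
    /* Keep the permitted set across the UID change; the effective set is cleared. */
    if (prctl(PR_SET_KEEPCAPS, 1L, 0L, 0L, 0L) != 0) return -1;
    if (setgroups(0, NULL) != 0) return -1;         /* shed supplementary groups */
    if (setgid(gid) != 0 || setuid(uid) != 0) return -1;
    only_cap(d, CAP_NET_RAW);                       /* discard every other capability */
    if (syscall(SYS_capset, &h, d) != 0) return -1;
    prctl(PR_SET_KEEPCAPS, 0L, 0L, 0L, 0L);
    if (setuid(0) == 0) return -1;                  /* regaining root must fail */
    return 0;
}

int main(void)
{
    /* 65534 ("nobody" on many systems) is an assumed unprivileged account. */
    if (drop_root_keep_net_raw(65534, 65534) != 0) {
        fprintf(stderr, "privilege drop failed\n");
        return 1;
    }
    /* From here the process is unprivileged but can still open raw sockets. */
    return 0;
}
```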

