Snort mailing list archives
chroot vs.setuid
From: "Scott Renna" <srenna () d-a-s com>
Date: Tue, 8 Jul 2003 13:06:31 -0400
Hello Snort Users, I was wondering from all of you out there if anyone knows if it is "better"(more secure) to run Snort as root and use the -t swtich for setting up the jail? Or if it is better to setuid on the binary file snort and then drop privileges upon execution? I am running the chrooted environment on my home system just to see how it performs. I'm not sure which way is more secure. In the setup with setuid set, I have changed the group on the bpf devices to be the snort user's group. This worries me only because a user in snort's group would have rw privileges to the bpf devices. In the case of the chrooted option, I've found that snort can run just fine and access the bpf devices in /dev, even though there is no /dev under the new home directory for snort to run in. Does anyone have any recommendations on which way would be more safe to operate in ? I've not used chroot too much, but to my knowledge, root is the only one that can do it. Please let me know if anyone has any input. Scott *************************** Scott Renna Head Systems Administrator Dynamic Animation Systems 703-503-0500 *************************** ------------------------------------------------------- This SF.Net email sponsored by: Parasoft Error proof Web apps, automate testing & more. Download & eval WebKing and get a free book. www.parasoft.com/bulletproofapps _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- chroot vs.setuid Scott Renna (Jul 08)
- Re: chroot vs.setuid Lawrence Reed (Jul 08)
- Re: chroot vs.setuid Matt Kettler (Jul 09)
- <Possible follow-ups>
- RE: chroot vs.setuid Slighter, Tim (Jul 08)