Snort mailing list archives

Re: non-root user cannot run snort


From: Matt Kettler <mkettler () evi-inc com>
Date: Tue, 27 Jan 2004 13:38:38 -0500

At 08:09 AM 1/27/2004, Robert Storey wrote:
> It's funny that the Snort users manual makes no mention of this issue. I
> think I will write the authors and suggest that it be included.

Quite frankly, it should be *obvious* that snort can't be directly executed by a non-root user....

If a non-root user could start snort, that user could VERY easily compromise the entire machine as a root user.

Not to be rude, but anyone who runs snort really should have enough background in security to understand why non-root users can't be allowed to initiate sniffing interfaces. This is VERY basic security stuff. Along the lines of "don't make your password file world-writable".

Hint: if a non-root user can sniff interfaces, they can sniff them for login passwords (if non-encrypted protocols are used), engage in session hijacking, data injection, etc. It would be relatively easy to gain the privileges of other users this way.








