Snort mailing list archives

Re: snort 2.9.0.4 won't daemonize, OpenBSD 4.7


From: Olaf Schreck <chakl () syscall de>
Date: Fri, 08 Apr 2011 22:51:59 +0200

Replying to self with a workaround solution, for the archives

snort 2.9.0.4 on OpenBSD 4.7, running fine, but won't daemonize.

Is anyone running snort 2.9 on OpenBSD 4.7 or 4.8 who does NOT have this 
problem?

I had a look at the daemonize code in util.c and rebuilt snort with 
"CPPFLAGS=-DDEBUG sh configure.sh ..." to see the debug messages.  As 
expected, the daemon parent waits for a "child ready" signal that never 
arrives while the daemon child claims to have sent it.  Signal is 
SIGCONT as defined in snort.h:

     #define SIGNAL_SNORT_CHILD_READY    29

So for some obscure reason, the daemon parent does not see SIGCONT from 
the daemon child.  In the OpenBSD manpage for kill(2) I noticed

     Setuid and setgid processes are dealt with slightly differently.
     For the non-root user, to prevent attacks against such processes,
     some signal deliveries are not permitted and return the error
     EPERM.  The following signals are allowed through to this class
     of processes: SIGKILL, SIGINT, SIGTERM, SIGSTOP, SIGTTIN, SIGTTOU,
     SIGTSTP, SIGHUP, SIGUSR1, SIGUSR2.

Since SIGCONT was not mentioned in the list above, I tried changing the 
"child-ready" signal to SIGUSR2:

     #define SIGNAL_SNORT_CHILD_READY    31

Works fine as expected.

And no, I did not specify setuid/setgid on the command line or in 
snort.conf, and ran it as root.  I have no idea why SIGCONT is filtered 
here, but SIGUSR2 is not.



At the end of the startup messages it says:

    Spawning daemon child...
    My daemon child 3777 lives...
     0x8151dc00*running     15 -c-------f 0000 main

but it doesn't come back to the shell prompt.  I can ^C out and see the
snort child process.  With ^Z, I see 2 snort processes.  Obviously the
parent won't exit while daemonizing.  Any clues why?

The daemonized child runs and alerts just fine.

This happens regardless whether I use -D on the cmdline, "config daemon"
in snort.conf, or both.
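The parent/child "ready" handshake discussed in this message, as an added example that is not Snort's code and not part of the original post: the child checks the return value of kill() and the parent bounds its wait with a timeout, so a ready signal that never arrives shows up as a result code instead of a hung parent. The function name `wait_child_ready`, its parameters and its return codes are hypothetical; signals are referred to by symbolic name because their numeric values differ between operating systems.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

static volatile sig_atomic_t got_ready, got_alarm;
static void on_signal(int signo) { if (signo == SIGALRM) got_alarm = 1; else got_ready = 1; }

/* Hypothetical helper: fork a child that signals "ready" to its parent. Returns 0 if the
 * signal arrived, 1 on timeout, -1 on error; *child_errno is the child's kill() errno (0 = ok). */
int wait_child_ready(int ready_sig, unsigned timeout_sec, int *child_errno) {
    struct sigaction sa;
    sigset_t block, old, wait_mask;
    int status = 0;
    memset(&sa, 0, sizeof sa);
    sa.sa_handler = on_signal;
    sigemptyset(&sa.sa_mask);
    if (sigaction(ready_sig, &sa, NULL) || sigaction(SIGALRM, &sa, NULL)) return -1;
    /* Block both signals before fork() so a fast child cannot signal before we wait. */
    sigemptyset(&block);
    sigaddset(&block, ready_sig);
    sigaddset(&block, SIGALRM);
    if (sigprocmask(SIG_BLOCK, &block, &old)) return -1;
    wait_mask = old;
    sigdelset(&wait_mask, ready_sig);
    sigdelset(&wait_mask, SIGALRM);
    got_ready = got_alarm = 0;
    pid_t pid = fork();
    if (pid < 0) { sigprocmask(SIG_SETMASK, &old, NULL); return -1; }
    if (pid == 0)   /* child: report a refused delivery (e.g. EPERM) as the exit status */
        _exit(kill(getppid(), ready_sig) == 0 ? 0 : errno);
    alarm(timeout_sec);                 /* bound the wait instead of blocking forever */
    while (!got_ready && !got_alarm)
        sigsuspend(&wait_mask);         /* atomically unblock both signals and sleep */
    alarm(0);
    sigprocmask(SIG_SETMASK, &old, NULL);
    waitpid(pid, &status, 0);
    *child_errno = WIFEXITED(status) ? WEXITSTATUS(status) : -1;
    return got_ready ? 0 : 1;
}

int main(void) {
    int e, r = wait_child_ready(SIGUSR2, 5, &e);
    printf("SIGUSR2: result=%d, child kill() errno=%d\n", r, e);
    return r;
}
```

A result of 1 with a child errno of 0 means kill() reported success but the parent never saw the signal; a non-zero child errno means the kernel refused the delivery.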
