[Snort-devel] [ snort-Bugs-451594 ] wrong uid/gid for tcpdump binary file

noreply at ...12... noreply at ...12...
Thu Sep 27 23:34:07 EDT 2001


Bugs item #451594, was opened at 2001-08-16 08:43
You can respond by visiting: 
http://sourceforge.net/tracker/?func=detail&atid=103357&aid=451594&group_id=3357

Category: None
Group: None
>Status: Closed
Resolution: Fixed
Priority: 5
Submitted By: Nobody/Anonymous (nobody)
Assigned to: Martin Roesch (roesch)
Summary: wrong uid/gid for tcpdump binary file

Initial Comment:
When you choose to log packets in tcpdump binary file 
format, and you run snort with the -u and/or -g option 
(to change the uid and gid of snort), this does not 
affect the tcpdump binary file (if you run snort as 
root, the file will still be root/root).

I quickly looked in the source (snort.c) and the 
reason is quite obvious:
at line 312 we can see
InitOutputPlugins();

whereas the uid/gid are dropped only at line 345 with
SetUidGid();

As it seems the files are created during the init, the 
file will still have root/root uid/gid. BTW, we can 
see there is no problem at all for the alert and 
portscan files (the alert file is created after 
SetUidGid()).

Well, I did *NOT* try to put SetUidGid before the 
InitOutputPlugins, I was too lazy to read the whole 
init code to see how it will affect them ;)

Maybe someone can fix this little but annoying 
problem.

Best Regards
ChoJin



----------------------------------------------------------------------

Comment By: Martin Roesch (roesch)
Date: 2001-09-27 23:28

Message:
Logged In: YES 
user_id=18573

Fixed and committed.

----------------------------------------------------------------------
