[Snort-devel] Re: SIGHUP doesn't work

Martin Roesch roesch at ...402...
Mon Sep 22 06:22:30 EDT 2003


On Sunday, September 21, 2003, at 10:14 PM, Steve G wrote:

>> Are you dripping privs at runtime?
>
> Yes. It is running under the snort user. So why does the error
> get reported as a failure of the pcap stuff? If the problem is
> that root is required for pcap, then it should at least say that
> in the error message. I am even wondering if it should continue
> the restart when failure is certain. This should also be in the
> man page.

Root is required for pcap to take the interface promiscuous so it's 
erroring out with a permission problem (we let pcap print its own error 
messages).

> BTW, can you not do a setreuid() back to root since the saved uid
> is root?

Yes you can, we should do that.

      -Marty

-- 
Martin Roesch - Founder/CTO, Sourcefire Inc. - (410)290-1616
Sourcefire: Snort-based Enterprise Intrusion Detection Infrastructure
roesch at ...402... - http://www.sourcefire.com
Snort: Open Source Network IDS - http://www.snort.org





More information about the Snort-devel mailing list