[Snort-devel] "config chroot" bug etc
andreaso at ...387...
Thu Jan 1 06:21:09 EST 2004
According to the manual, "config chroot: <dir>" is valid, but that
feature was removed from parser.c in rev 1.77.

# echo "config chroot: /tmp" > test.conf
# snort -c test.conf -l /tmp 2>&1 | grep ERROR
ERROR: Unknown config directive: config chroot: /tmp

I believe that the following patch against HEAD would work, by setting
pv.chroot_dir so that SetChroot() is run later. If this feature was
removed on purpose, maybe the manual should be updated instead.
--- parser.c.org Wed Dec 31 15:03:18 2003
+++ parser.c Wed Dec 31 15:05:26 2003
@@ -3594,6 +3594,17 @@
+ else if(!strcasecmp(config, "chroot"))
+ LogMessage("Found chroot config directive (%s)\n", args);
+ if(!(pv.chroot_dir = strdup(args)))
+ FatalError("Out of memory setting chroot dir from config file\n");
+ DEBUG_WRAP(DebugMessage(DEBUG_INIT, "Chroot directory = %s\n",
else if(!strcasecmp(config, "umask"))
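Review bot: in the added chroot branch, strdup(args) is reached without first checking that args is non-NULL and non-empty, and the assignment overwrites whatever pv.chroot_dir already holds without freeing it or letting an earlier value take precedence. I would reject an empty argument with FatalError before the strdup, and assign only when pv.chroot_dir is still NULL. The LogMessage call also formats args with %s ahead of any such check, so the check belongs before it. As displayed, the branch body has no braces and the DEBUG_WRAP call is not closed, which does not match the 17 added lines the hunk header announces; the branch needs to be checked against the original patch before it is applied.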
Btw, several config directives in the snort config file seem to have no
effect since the pv.<foo> args are processed before the config file
has even been read and set them, for example "config daemon" and "config
bpf_file: ..." (maybe there are more). And pv.log_dir (if not set on
command line) is set to DEFAULT_LOG_DIR before SanityChecks() is called,
and before reading a possible "config logdir: ..." from the config file,
so the sanity check will check the wrong dir. According to comments in the
source, these things are not exactly unknown but it would still be nice
if it was fixed.
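
The ordering problem described in the last paragraph, as an added example that is not part of the original message and is not Snort's code: values are resolved from the config file before defaults are filled in, and only then handed to the sanity check. The struct, function names, the default path and the rule that a command-line value wins over the config file are assumptions made for the illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <strings.h>

#define DEFAULT_LOG_DIR "/var/log/snort"   /* constructed default value */

/* Hypothetical stand-in for the pv structure; not Snort's definition. */
struct settings { char *log_dir; char *chroot_dir; };

/* Apply one "config <name>: <value>" line. A slot that is already set
 * (assumed to come from the command line) is left untouched. */
static int apply_config_line(struct settings *s, const char *line)
{
    char name[32], value[256];
    if (sscanf(line, "config %31[^:]: %255s", name, value) != 2)
        return -1;                          /* malformed or missing value */
    char **slot = !strcasecmp(name, "logdir") ? &s->log_dir
                : !strcasecmp(name, "chroot") ? &s->chroot_dir : NULL;
    if (slot == NULL)
        return -1;                          /* unknown directive */
    if (*slot == NULL && (*slot = strdup(value)) == NULL)
        return -1;                          /* out of memory */
    return 0;
}

/* Resolution order: command line (already in s), config file, defaults. */
static int resolve(struct settings *s, const char *const *lines, size_t n)
{
    for (size_t i = 0; i < n; i++)
        if (apply_config_line(s, lines[i]) != 0)
            return -1;
    if (s->log_dir == NULL && (s->log_dir = strdup(DEFAULT_LOG_DIR)) == NULL)
        return -1;
    return 0;
}

/* Stand-in for the sanity check: it must look at the resolved directory. */
static const char *dir_to_check(const struct settings *s) { return s->log_dir; }

int main(void)
{
    /* Constructed config lines, no command-line values set. */
    const char *cfg[] = { "config logdir: /tmp/logs", "config chroot: /tmp" };
    struct settings s = { NULL, NULL };
    if (resolve(&s, cfg, 2) != 0)
        return 1;
    printf("check %s, chroot %s\n", dir_to_check(&s), s.chroot_dir);
    return 0;
}
```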