[Snort-users] Snort changes from 1.6.3 -> pl 2

Bill Marquette wlmarque at ...8...
Tue Sep 26 11:53:42 EDT 2000



>> So, what's the proper behavior for this (and the setgid/setuid) switch?
>> Should it open up files relative to the real root dir, or after?  If we do it
>> before, people are going to set their logging dir to '/' expecting the thing
>> to be set before hand (I've had at least 2-3 reports of that behavior being a
>> bug).  How does everone around here want this to work?  Let's figure it out
>> and I'll code it up...
>
>It should work like in named (BIND)

Hmmm...it should log relative to the chroot.  If we don't there will be problems
kill -HUPing snort in daemon mode as once it's chrooted it shouldn't be able to
escape the jail for any reason (including a restart).

--Bill





More information about the Snort-users mailing list