[Snort-users] Snort changes from 1.6.3 -> pl 2

Fyodor fygrave at ...121...
Tue Sep 26 22:03:00 EDT 2000


~ :
~ :True, but I'd rather lose the ability to HUP (eg, have to restart cold) 
~ :and retain the ability to have my logging happen outside of the chroot 

one of the ways is too keep unix socket inside chrooted directory so snort
would be able to write there, and some external module to read from that
and process, there is unixsock logging plugin which I have written quite
long ago, but it somehow could be used here as well... Anyway for the long
run a spooling and watchdog'ging module is planned, I think it will take
care of this issue.

However if the vulnerability would be discovered in the module which
handles parsing external module, you're still risking to be compromiced
:). We try to keep coding it though to avoid such cases :), but even
OpenBSD has sploitable problems :)






More information about the Snort-users mailing list