[Snort-users] Strange system() problem with snort

Mark Wormgoor mark at ...4427...
Wed Jan 2 01:52:20 EST 2002


Hi,

> On Sun, Dec 30, 2001 at 10:59:52AM +0100, Mark Wormgoor wrote:
> > I have a small problem with starting snort from another program.  I'm
> > running snort 1.8.3 (from RPM) on a Redhat 7.2 based system.
> > When I start snort from the command line, it will start just fine:
> > /usr/sbin/snort -c /etc/snort/snort.conf -D -u snort -g snort -d -e -z
>
> running snort non-root , while I nice idea, turns out to be a problem. I
had this same problem with my Demarc/Snort installation. I can't remember
the specific internal problems, but this stems from your other program not
having access to the pcap device, something along those lines...
>
> running snort as root, really doesn't hurt that much either ;)

Well, I managed to solve the problem myself.  Snort is started from a setuid
program.  Therefor, stdin and stdout were closed before the system call to
start snort.  Older versions of snort had no problems with this (1.8.1 for
example).
I have changed the program to reopen stdin from /dev/zero and stdout to
/dev/null and my problem is solved :)

Kind regards,

        Mark Wormgoor






More information about the Snort-users mailing list