[Snort-users] chroot'd snort + flexresp

Chris Green cmg at ...1935...
Mon Jul 22 07:41:04 EDT 2002


David Wollmann <dwollmann at ...6397...> writes:

> Addendum:
>
> Rereading the source, I notice this at snort.c:303:
>
>     /* Drop privelegies if requested, when initialisation is done */
>     SetUidGid();
>
>     /* if we're using the rules system, it gets initialized here */
>     if(pv.use_rules && !conf_done)
>     {
>         /* initialize all the plugin modules */
>         InitPreprocessors();
>         InitPlugIns();
>         InitOutputPlugins();
>         InitTag();
>         ...
>
> I assume this means that privileges are dropped before attempting to set up the
> react plug-in, causing the code in sp_react.c to throw a fatal error.
>
> Is there any way to force snort to open the raw socket before dropping
> privs?

Move the Drop after the initializations, thats the way it used to be
and I sent out a request to see if anyone cared if I changed it back
to the old way. No one really did.
-- 
Chris Green <cmg at ...1935...>
I've had a perfectly wonderful evening. But this wasn't it.
     -- Groucho Marx




More information about the Snort-users mailing list