[Snort-users] chroot'd snort + flexresp
cmg at ...1935...
Mon Jul 22 07:41:04 EDT 2002
David Wollmann <dwollmann at ...6397...> writes:
> Rereading the source, I notice this at snort.c:303:
> /* Drop privelegies if requested, when initialisation is done */
> /* if we're using the rules system, it gets initialized here */
> if(pv.use_rules && !conf_done)
> /* initialize all the plugin modules */
> I assume this means that privileges are dropped before attempting to set up the
> react plug-in, causing the code in sp_react.c to throw a fatal error.
> Is there any way to force snort to open the raw socket before dropping
Move the Drop after the initializations, thats the way it used to be
and I sent out a request to see if anyone cared if I changed it back
to the old way. No one really did.
Chris Green <cmg at ...1935...>
I've had a perfectly wonderful evening. But this wasn't it.
-- Groucho Marx
More information about the Snort-users