[Snort-users] non-root user cannot run snort
mkettler at ...4108...
Tue Jan 27 10:40:37 EST 2004
At 08:09 AM 1/27/2004, Robert Storey wrote:
>It's funny that the Snort users manual makes no mention of this issue. I
>think I will write the authors and suggest that it be included.

Quite frankly, it should be *obvious* that snort can't be directly executed
by a non-root user....

If a non-root user could start snort, that user could VERY easily
compromise the entire machine as a root user.

Not to be rude, but anyone who runs snort really should have enough
background in security to understand why non-root users can't be allowed to
initiate sniffing interfaces. This is VERY basic security stuff. Along the
lines of "don't make your password file world-writable".

Hint: if a non-root user can sniff interfaces, they can sniff them for
login passwords (if non-encrypted protocols are used), engage in session
hijacking, data injection, etc. It would be relatively easy to gain the
privileges of other users this way.