[Snort-users] non-root user cannot run snort

Matt Kettler mkettler at ...4108...
Tue Jan 27 10:40:37 EST 2004


At 08:09 AM 1/27/2004, Robert Storey wrote:
>It's funny that the Snort users manual makes no mention of this issue. I
>think I will write the authors and suggest that it be included.

Quite frankly, it should be *obvious* that snort can't be directly executed 
by a non-root user....

if a non-root user could start snort, that user could VERY easily 
compromise the entire machine as a root user.

Not to be rude, but anyone who runs snort really should have enough 
background in security to understand why non-root users can't be allowed to 
initiate sniffing interfaces. This is VERY basic security stuff. Along the 
lines of "don't make your password file world-writable".

hint: if a non-root user can sniff interfaces, they can sniff them for 
login passwords (if non-encrypted protocols are used), engage in session 
hijacking, data injection, etc. It would be relatively easy to gain the 
privileges of other users this way.











More information about the Snort-users mailing list