The patch.

Russell Fulton R.FULTON at auckland.ac.nz
Tue Mar 19 16:17:11 EST 2002


Hmmm... I must be missing something here.  Surely the issue of abuse of
pid files is only a problem if argus is suid root.  Yes, people must be
aware that argus config files must be protected, but that goes for any
other daemon that runs as root.  In one sense this isn't too much of a
problem with argus since I suspect that the vast majority of argus
daemons run on more or less dedicated systems (not that that is an
excuse not to do things right).

On a vaguely related note, does argus need to retain root privileges
once it has the interface open in promiscuous mode (and has written pid
in /var/run ;-)?  I would actually prefer to have the files written by
-w owned by something other than root and, in the unlikely event that
there is a bug that would enable a carefully crafted packet to cause a
buffer overflow *and* the buffer overflow lead to the ability to execute
code, then it would be nice to make the kiddies work to get root.

We are starting to look seriously at LIDS and I notice that it
implements some forms of capabilities (including the ability to put an
interface into promiscuous mode ?) -- has anyone had a go at setting up
argus under LIDS?

-- 
Russell Fulton, Computer and Network Security Officer
The University of Auckland,  New Zealand
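
The privilege drop asked about in the message above, as an added example that is not part of the original post and is not argus code: a daemon opens its privileged resources as root, then permanently gives root up and checks that it cannot get it back. The function names and the unprivileged id 65534 are assumptions made for illustration.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE              /* glibc: expose setgroups()/seteuid() */
#endif
#include <grp.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

enum drop_result { DROP_FAILED = -1, DROP_OK = 0, DROP_NOT_ROOT = 1, DROP_BAD_TARGET = 2 };

/* Returns 1 if the process can get uid 0 back, 0 if it cannot. */
int can_regain_root(void)
{
    return setuid(0) == 0 || seteuid(0) == 0;
}

/* Permanently switch from root to uid/gid (hypothetical helper). */
enum drop_result drop_privileges(uid_t uid, gid_t gid)
{
    if (uid == 0 || gid == 0)
        return DROP_BAD_TARGET;      /* "dropping" to root is a config error */
    if (geteuid() != 0)
        return DROP_NOT_ROOT;        /* already unprivileged, nothing to drop */

    /* Order matters: groups and gid must change while still root,
     * because after setuid() the process may no longer change them. */
    if (setgroups(1, &gid) != 0) return DROP_FAILED;
    if (setgid(gid) != 0)        return DROP_FAILED;
    if (setuid(uid) != 0)        return DROP_FAILED;

    /* Never trust the return codes alone: confirm real and effective ids. */
    if (getuid() != uid || geteuid() != uid || getgid() != gid || getegid() != gid)
        return DROP_FAILED;
    return can_regain_root() ? DROP_FAILED : DROP_OK;
}

int main(void)
{
    /* As root, first: open the capture interface and write the pid file
     * (not shown). Everything after the drop, including output files,
     * is then created as the unprivileged account. */
    enum drop_result r = drop_privileges(65534, 65534); /* constructed ids */
    printf("drop_privileges returned %d, uid is now %ld\n", (int)r, (long)getuid());
    return r == DROP_FAILED;         /* a failed drop must abort startup */
}
```

A descriptor opened before the drop stays usable afterwards, which is why the order in `main` works; output files opened after the drop are owned by the unprivileged account.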


