argus-2.0.5.beta.6.tar.gz available
Yotam Rubin
yotam at makif.omer.k12.il
Wed Mar 20 08:35:02 EST 2002
On Tue, Mar 19, 2002 at 09:44:29PM -0500, Carter Bullard wrote:
> Hey Yotam,
> None-the-less, I think it is a good discussion.
>
> I've uploaded ftp://qosient.com/dev/argus-2.0/argus-2.0.5.beta.6.tar.gz
> which implements your pid file suggestions, to allow argus
> to specify a specific pid file. In support of this feature,
> we now have new argus.conf variables, ARGUS_PID_FILENAME and
> ARGUS_MAX_INSTANCES, and we've now got "-I <number>",
> "-c" and "-n pidfile" options to play with. The
> support/Config/argus.conf and the various man pages
> have been updated, so I hope your suggestion has been
> fully implemented.
>
> They all seem to work, as much as I have had time to
> test.

Thanks. There are still a few issues.

 o The updated manual page appears to incorrectly document the behavior of
   the -n flag.
 o Some files in the tarball are chmoded 775.
 o Perhaps it should be documented that argus chdir's to / upon
   initialization. Users specifying relative pid file paths and the like
   might be confused by the results.

Regards, Yotam Rubin

>
> Please do give this new version of argus a spin. There
> are some fixes for Cisco V5 netflow record parsing, and
> a few rare seg faulting conditions fixed, so please do
> test.
>
> Thanks for all the support,
>
> Carter
>
> Carter Bullard
> QoSient, LLC
> 300 E. 56th Street, Suite 18K
> New York, New York 10022
>
> carter at qosient.com
> Phone +1 212 588-9133
> Fax +1 212 588-9134
> http://qosient.com
>
>
> > -----Original Message-----
> > From: owner-argus-info at lists.andrew.cmu.edu
> > [mailto:owner-argus-info at lists.andrew.cmu.edu] On Behalf Of
> > Yotam Rubin
> > Sent: Tuesday, March 19, 2002 8:52 PM
> > To: 'Argus'
> > Subject: Re: pid file issues
> >
> >
> > On Tue, Mar 19, 2002 at 12:48:52PM -0500, Carter Bullard wrote:
> > [...]
> > >
> > > If we allow argus to specify the pid file directory,
> > > we can prevent bad pid filename choices, if we support
> > > pid filenames, then we can't prevent anything, which is
> > > ok at one level, and somewhat irresponsible on the other?
> >
> > The situation still remains, if a malicious user has sufficient access[1]
> > to create an arbitrary PID file, why would he need argus to create the pid
> > file for him? I mean, why can't he simply "echo somepid > /var/run/identd.run"?
> > argus should run under the assumption that it trusts its users. This sort
> > of attack can only be carried out by a user with relevant access.
> > I will not reiterate my claims further, because I believe I've made myself
> > pretty clear.
> >
> > Regards, Yotam Rubin
> >
> >
> > [1] Of course, argus can be setuid root, but then the admin has an entirely
> > different set of problems.
> >
> > >
> > > Suggestions?
> > >
> > >
> > > Carter
> > >
> > > Carter Bullard
> > > QoSient, LLC
> > > 300 E. 56th Street, Suite 18K
> > > New York, New York 10022
> > >
> > > carter at qosient.com
> > > Phone +1 212 588-9133
> > > Fax +1 212 588-9134
> > > http://qosient.com
> > >
> >
> >
>
>
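
Added example, not part of the original thread and not argus source code: one way a daemon can handle the two pid file concerns raised above, by resolving a relative pid file path before it changes directory to / and by refusing to overwrite an existing file or symlink. The function names resolve_pidfile and write_pidfile and the default name "example.pid" are assumptions made for this sketch.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper: make a possibly relative pid file path absolute.
 * Call it BEFORE chdir("/"), while the cwd is still the user's. */
int resolve_pidfile(const char *path, char *out, size_t outlen)
{
    char cwd[4096];
    int n;

    if (path == NULL || path[0] == '\0') { errno = EINVAL; return -1; }
    if (path[0] == '/') {
        n = snprintf(out, outlen, "%s", path);
    } else {
        if (getcwd(cwd, sizeof cwd) == NULL) return -1;
        n = snprintf(out, outlen, "%s/%s", cwd, path);
    }
    if (n < 0 || (size_t)n >= outlen) { errno = ENAMETOOLONG; return -1; }
    return 0;
}

/* Hypothetical helper: create the pid file without clobbering anything.
 * O_CREAT|O_EXCL fails with EEXIST if the name exists, even as a symlink. */
int write_pidfile(const char *abs_path, pid_t pid)
{
    char buf[32];
    int fd, len, rc = 0;
    fd = open(abs_path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0644);
    if (fd < 0) return -1;
    len = snprintf(buf, sizeof buf, "%ld\n", (long)pid);
    if (write(fd, buf, (size_t)len) != (ssize_t)len) rc = -1;
    if (close(fd) != 0) rc = -1;
    if (rc != 0) unlink(abs_path);      /* do not leave a partial file */
    return rc;
}

int main(int argc, char **argv)
{
    char abs_path[4096];                /* "example.pid" is a constructed default */
    if (resolve_pidfile(argc > 1 ? argv[1] : "example.pid", abs_path, sizeof abs_path)) return 1;
    if (chdir("/") != 0) return 1;      /* daemon-style initialization */
    if (write_pidfile(abs_path, getpid()) != 0) { perror(abs_path); return 1; }
    printf("pid file written to %s\n", abs_path);
    return 0;
}
```

A stale pid file left by a crashed instance also triggers EEXIST here, so a real daemon still needs its own policy for checking whether the recorded pid is alive.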