chroot issues

Carter Bullard carter at qosient.com
Tue Sep 26 00:30:36 EDT 2006


Gentle people,
I have finished the first round of the chroot, setuid and setgid implementation.
I moved some stuff around, and implemented the chroot, setuid and setgid,
after opening syslog, all the input files, and putting any listen down on an
output port.  I chroot() first, then setuid(), and then setgid(), so that the
group is appropriate for the user.  You can provide uid and gid independently,
but as Andreas indicated, most will provide both at the same time.

I added ARGUS_CHROOT_DIR, ARGUS_SETUSER_ID and ARGUS_SETGROUP_ID
configuration keywords to the argus.conf sample in
./support/Config/argus.conf, and updated the man page, so .....  whew!!!

Ok, no guarantees, so if there are any problems send mail.  I'll upload the
code tomorrow sometime during the day.

Carter


On Sep 25, 2006, at 11:15 PM, Carter Bullard wrote:

> Hey Russell,
> I'm referring to the input files, when argus reads its input from a
> pcap formatted file.
> My assumption is that you won't chroot if you're reading a packet
> dump, but you never know what people will do ;o)
>
> Can these packet input files be outside the chroot'd directory?
> I'll open the output files after the chroot and change in uid and gid.
>
> Carter
>
>
> On Sep 25, 2006, at 11:09 PM, Russell Fulton wrote:
>
>>
>>> Is this reasonable, or do we need to force the input files to be
>>> in the chroot'd directory?
>>>
>>
>> I had assumed that they would be under the chroot dir since if they
>> are not then how do you rollover the files.  Currently one just mv
>> the file that argus is writing to and when argus next tries to write
>> to the file it notices and closes and reopens the file.  If the file
>> is outside the chroot then argus will be unable to open it again.
>>
>> Or am I missing something?
>>
>> Russell
>>

Carter Bullard
CEO/President
QoSient, LLC
150 E. 57th Street Suite 12D
New York, New York 10022

+1 212 588-9133 Phone
+1 212 588-9134 Fax
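
An added example, not part of the original messages and not argus source code: a C sketch of the two points in this thread, checking that a file argus must reopen after rollover is still reachable once the chroot is in place, and dropping privileges after syslog, input files and listen sockets are open. `path_in_jail`, `drop_privileges` and the sample paths are hypothetical; in this sketch the group is changed before the user id, because `setgroups()` and `setgid()` need the privileges that `setuid()` gives up.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE 1   /* exposes chroot() and setgroups() on glibc */
#endif
#include <grp.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Hypothetical helper (added example, not argus code): map a configured file
 * path to the name it has once `root` is the new "/". Returns NULL when the
 * file would be unreachable after chroot(), e.g. an output file reopened on
 * rollover. Assumes absolute, symlink-free paths; rejects "/.." components. */
const char *path_in_jail(const char *root, const char *path)
{
    size_t n = strlen(root);
    if (n == 0 || root[0] != '/' || path[0] != '/' || strstr(path, "/.."))
        return NULL;
    while (n > 1 && root[n - 1] == '/')   /* ignore trailing slashes */
        n--;
    if (n == 1)
        return path;                       /* jail is "/": nothing to strip */
    if (strncmp(root, path, n) != 0)
        return NULL;
    if (path[n] == '\0')
        return "/";
    return path[n] == '/' ? path + n : NULL;   /* "/jail2" is not "/jail" */
}

/* Call after syslog, input files and listen sockets are open.
 * Returns 0 on success, -1 on any failure; the caller should then exit. */
int drop_privileges(const char *dir, uid_t uid, gid_t gid)
{
    if (chdir(dir) != 0 || chroot(".") != 0 || chdir("/") != 0)
        return -1;
    /* Group changes need root, so they come before setuid(). */
    if (setgroups(1, &gid) != 0 || setgid(gid) != 0 || setuid(uid) != 0)
        return -1;
    if (uid != 0 && setuid(0) == 0)        /* regaining root must fail */
        return -1;
    return (getuid() == uid && geteuid() == uid && getgid() == gid) ? 0 : -1;
}

int main(void)
{
    /* Constructed sample paths, not taken from any real argus.conf. */
    const char *in = path_in_jail("/srv/jail", "/srv/jail/data/argus.out");
    printf("reopen as: %s\n", in ? in : "(unreachable after chroot)");
    return 0;
}
```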

