ARGUS_SETUSER_ID works?

carter at qosient.com
Tue Jun 15 08:44:04 EDT 2010


Hey Peter,
Is argus() setuid and owned by root?  Argus can't elevate its privileges beyond its own owner or that of the invoking user and most interfaces privileges are system read/write only.

Carter 


-----Original Message-----
From: Peter Volkov <pva at gentoo.org>
Date: Mon, 14 Jun 2010 23:49:49 
To: <argus-info at lists.andrew.cmu.edu>
Subject: [ARGUS] ARGUS_SETUSER_ID works?

Hi Carter. I'm having difficulty running argus as an ordinary user. The
error I receive is:

14 Jun 10 23:31:17.192650 ArgusOpenInterface: pcap_open_live vboxnet0: 
You don't have permission to capture on that device (socket: Operation not permitted)

From debug output it looks like argus first drops privileges and then
tries to open interface:

argus[27084.004764936e7f0000]: 14 Jun 10 23:31:17.178440 setArgusInterfaceStatus(1)
14 Jun 10 23:31:17.179098 started
argus[27086.004764936e7f0000]: 14 Jun 10 23:31:17.182332 ArgusEstablishListen(561, 0xb53a7b90) binding: any:561 family: 2
argus[27086.004764936e7f0000]: 14 Jun 10 23:31:17.182609 ArgusInitOutput() done

At this ^^ function, as I see argus drops privileges...

14 Jun 10 23:31:17.182691 started
argus[27086.004764936e7f0000]: 14 Jun 10 23:31:17.182721 ArgusCreatePIDFile(/var/run/argus/, argus) pidpath is /var/run/argus/
argus[27086.004764936e7f0000]: 14 Jun 10 23:31:17.182765 getArgusDevice() returning vboxnet0
argus[27086.004764936e7f0000]: 14 Jun 10 23:31:17.182951 ArgusCreatePIDFile(0x8529e0, 0xb53a989f) returning /var/run/argus//argus.vboxnet0.0.pid
argus[27086.004764936e7f0000]: 14 Jun 10 23:31:17.183012 ArgusCloneSource() returning 0x90d73010
argus[27086.10e797916e7f0000]: 14 Jun 10 23:31:17.184937 ArgusOutputProcess(0x84f770) starting
14 Jun 10 23:31:17.192650 ArgusOpenInterface: pcap_open_live vboxnet0: You don't have permission to capture on that device (socket: Operation not permitted)

...and here it fails, like it should.

argus[27086.004764936e7f0000]: 14 Jun 10 23:31:17.192734 ArgusShutDown(SIGHUP)
argus[27086.004764936e7f0000]: 14 Jun 10 23:31:17.192769 ArgusCloseSource(0x921b6010) starting
argus[27086.004764936e7f0000]: 14 Jun 10 23:31:17.192824 ArgusCloseSource(0x921b6010) deleting source
argus[27086.004764936e7f0000]: 14 Jun 10 23:31:17.192854 ArgusCloseEvents() done
argus[27086.004764936e7f0000]: 14 Jun 10 23:31:17.192886 ArgusCloseModeler(0x84f2e0)
argus[27086.004764936e7f0000]: 14 Jun 10 23:31:17.192912 ArgusCloseOutput() scheduling closure after 0 records
argus[27086.10e797916e7f0000]: 14 Jun 10 23:31:17.285171 ArgusOutputProcess() shuting down 0
argus[27086.10e797916e7f0000]: 14 Jun 10 23:31:17.285258 ArgusOutputProcess() exiting
argus[27086.004764936e7f0000]: 14 Jun 10 23:31:17.285840 ArgusCloseOutput(0x84f770) done
14 Jun 10 23:31:17.286008 stopped
argus[27086.004764936e7f0000]: 14 Jun 10 23:31:17.286041 ArgusShutDown()

Running as root works fine.

Could you help us to resolve this issue? This is argus-3.0.3.11, but
probably the same problem exists in previous argus versions too.

P.S. In the attachment there is a patch to fix two minor typos in the configuration file. Please apply )

Thank you in advance,
-- 
Peter.
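
The ordering question raised in this thread, as an added example that is not part of either message and not taken from the argus source: a daemon that needs a capture device opens it while still privileged, then drops to the unprivileged account and checks that the drop cannot be undone. The function names and the 65534 uid/gid are assumptions, and a Linux AF_PACKET socket stands in for pcap_open_live().

```c
/* Added example (not argus source). Linux-only; function names are hypothetical. */
#define _DEFAULT_SOURCE
#include <arpa/inet.h>
#include <errno.h>
#include <grp.h>
#include <linux/if_ether.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <unistd.h>

/* Stand-in for pcap_open_live(): a packet socket needs root or CAP_NET_RAW. */
int open_capture_socket(void) {
    return socket(AF_PACKET, SOCK_RAW, htons(ETH_P_ALL));
}

/* Permanently switch to uid/gid. Returns 0 on success, -1 on any failure. */
int drop_privileges(uid_t uid, gid_t gid) {
    if (uid == 0) { errno = EINVAL; return -1; }   /* root is not a drop target */
    /* Supplementary groups can only be reset while still privileged. */
    if (geteuid() == 0 && setgroups(1, &gid) != 0) return -1;
    if (setgid(gid) != 0) return -1;               /* group before user */
    if (setuid(uid) != 0) return -1;               /* user last */
    /* The drop must be irreversible: regaining root has to fail. */
    if (setuid(0) == 0 || seteuid(0) == 0) { errno = EPERM; return -1; }
    if (getuid() != uid || geteuid() != uid) return -1;
    if (getgid() != gid || getegid() != gid) return -1;
    return 0;
}

int main(void) {
    /* Step 1: acquire the privileged resource while still privileged. */
    int fd = open_capture_socket();
    if (fd < 0) {
        fprintf(stderr, "socket: %s\n", strerror(errno));
        return 1;
    }
    /* Step 2: drop to an unprivileged account (65534 is a constructed value). */
    if (drop_privileges(65534, 65534) != 0) {
        fprintf(stderr, "drop_privileges: %s\n", strerror(errno));
        close(fd);
        return 1;
    }
    /* Step 3: the descriptor opened in step 1 stays usable after the drop. */
    printf("capturing on fd %d as uid %d\n", fd, (int)getuid());
    close(fd);
    return 0;
}
```

Started as an ordinary user, step 1 fails with the same "socket: Operation not permitted" text shown in the log above; started as root, the socket survives the drop.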




