[Honeywall] Snort_inline log problem
patrick at setsuid.net
Wed Jun 27 16:51:53 EDT 2007
On Wed, Jun 27, 2007 at 03:44:24PM -0400, Earl wrote:
> I don't believe it can drop privs because it needs to be able to
> drop packets and to resets and other rootly stuff. Rob/Patrick?
IIRC, it needs root privs because of the interface to the userspace libipq.
Otherwise, any non-priv process could accept, modify, or reject any packet that was sent to userspace from the iptables -j QUEUE target.
There may be other reasons as well, it's been a bit since I've looked at that particular piece.
-- patrick