[Honeywall] Snort_inline log problem

Patrick McCarty patrick at setsuid.net
Wed Jun 27 16:51:53 EDT 2007


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Wed, Jun 27, 2007 at 03:44:24PM -0400, Earl wrote:
> I don't believe it can drop privs because it needs to be able to
> drop packets and to resets and other rootly stuff.  Rob/Patrick?

IIRC, it needs root privs because of the interface to the userspace libipq.

Otherwise, any non-priv process could accept, modify, or reject any packet that was sent to userspace from the iptables -j QUEUE target.

There may be other reasons as well, it's been a bit since I've looked at that particular piece.

- -- patrick
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.6 (GNU/Linux)

iD8DBQFGgs3opPYocrgNjZgRAlazAJ4rUjODRmxd3jaKdIPyo2SKsa77WQCdHd+F
E5QAW41ANhjc0fUBdy10qSQ=
=B2l3
-----END PGP SIGNATURE-----
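The thread turns on whether snort_inline can give up root once it has its libipq/QUEUE hook. The block below is an added illustration, not code from the Honeywall project or from snort_inline, of the general "acquire the privileged resource first, then drop to an unprivileged uid/gid, then verify the drop stuck" pattern that any such daemon would use if it could. It makes no claim about libipq itself; the placeholder "privileged resource" is just a read-only descriptor on /dev/null, and the fallback uid/gid 65534 (the conventional nobody) is an assumption for when it is run as root. The verification step is the part a defender cares about: after the drop, a non-root target must be unable to call setuid(0) successfully.

```c
/* Added example (not from the Honeywall thread or snort_inline): acquire a
 * root-only resource, drop privileges permanently, then prove the drop held.
 * Uses only POSIX calls so it builds with default feature macros; a production
 * daemon would additionally clear supplementary groups with setgroups(). */
#include <fcntl.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Permanently switch to uid/gid. Returns 0 on success, -1 on failure.
 * Order matters: gid first, because once the uid is unprivileged the
 * process can no longer change its gid. When called as root, setuid()
 * rewrites the real, effective and saved uid, so no saved root id remains. */
int drop_privileges(uid_t uid, gid_t gid) {
    if (setgid(gid) != 0) return -1;
    if (setuid(uid) != 0) return -1;
    return 0;
}

/* Verify the drop actually stuck. Returns 1 if the real and effective ids
 * match the target and (unless the target is root) root cannot be regained;
 * returns 0 otherwise. */
int privileges_dropped(uid_t uid, gid_t gid) {
    if (getuid() != uid || geteuid() != uid) return 0;
    if (getgid() != gid || getegid() != gid) return 0;
    if (uid != 0 && setuid(0) == 0) return 0;  /* climbed back: not dropped */
    return 1;
}

int main(void) {
    /* Step 1: obtain whatever needs root while we still have it.
     * Placeholder resource (assumption): a read-only fd on /dev/null. */
    int fd = open("/dev/null", O_RDONLY);
    if (fd < 0) { perror("open"); return 1; }

    /* Step 2: pick a target. As root, drop to 65534 (assumed to be nobody);
     * as an ordinary user, "drop" to ourselves so the demo still runs. */
    uid_t uid = getuid() == 0 ? (uid_t)65534 : getuid();
    gid_t gid = getuid() == 0 ? (gid_t)65534 : getgid();

    if (drop_privileges(uid, gid) != 0) { perror("drop_privileges"); return 1; }

    /* Step 3: never trust the drop without checking it. */
    if (!privileges_dropped(uid, gid)) {
        fprintf(stderr, "privilege drop did not hold\n");
        return 1;
    }
    printf("running as uid=%u gid=%u, fd %d still open\n",
           (unsigned)getuid(), (unsigned)getgid(), fd);
    close(fd);
    return 0;
}
```

The check in `privileges_dropped` is deliberately paranoid: a daemon that only calls `seteuid()` would pass the uid comparison but fail the `setuid(0)` test, because its saved uid is still 0.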