Bug 452763 - snort should not run as root
Status: CLOSED CANTFIX
Product: Fedora
Classification: Fedora
Component: snort
Version: rawhide
Hardware: All Linux
Priority: low Severity: low
Assigned To: Dennis Gilmore
QA Contact: Fedora Extras Quality Assurance
Keywords: FutureFeature
Reported: 2008-06-24 17:09 EDT by Steve Grubb
Modified: 2015-07-10 09:46 EDT

Doc Type: Enhancement
Last Closed: 2015-07-10 09:46:13 EDT
Description Steve Grubb 2008-06-24 17:09:42 EDT
Description of problem:
Because snort parses malicious network packets, it should not run as root in
case there is a flaw. The uid 62 was allocated in the setup rpm for the snortd
user. The spec file should have a %pre section that adds the user and updates
made to the /etc/sysconfig/snort file.

%pre
getent passwd snortd >/dev/null || \
/usr/sbin/useradd -M -o -r -d / -s /sbin/nologin \
        -c "Snort Daemon" -u 62 snortd > /dev/null 2>&1 || :

and

# What user account should we run under.
USER="snortd"

# What group account should we run under.
GROUP="snortd"

There may need to be some updating of directory permissions too with this patch
in place.

Version-Release number of selected component (if applicable):
2.8.1-3
Comment 1 Steve Grubb 2008-07-02 15:17:46 EDT
Turns out after this change, the prelude plugin cannot access its config data.
The plugin should be started before dropping privs. I'll work out a patch that
ensures this.
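
The ordering raised in Comment 1 (start whatever needs root, then drop privileges), as an added C example that is not snort's code and not part of the original report. `start_daemon`, `drop_privileges` and the config path are hypothetical names; `snortd` is the account from the description.

```c
/* Added example, not snort's code: start root-only pieces first, then drop. */
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE 1   /* exposes setgroups() in <grp.h> on glibc */
#endif
#include <grp.h>
#include <pwd.h>
#include <stdio.h>
#include <unistd.h>

/* Permanently switch to `user`. 0 = dropped, -1 = unusable account,
 * -2 = the drop failed or could be reversed. */
int drop_privileges(const char *user)
{
    struct passwd *pw = getpwnam(user);
    if (pw == NULL || pw->pw_uid == 0)
        return -1;                   /* unknown user, or "dropping" to root */
    /* Groups first: once the uid is unprivileged, setgroups/setgid fail. */
    if (setgroups(0, NULL) != 0 || setgid(pw->pw_gid) != 0 ||
        setuid(pw->pw_uid) != 0)
        return -2;
    /* Verify: every id changed and root cannot be regained. */
    if (setuid(0) == 0 || getuid() != pw->pw_uid ||
        geteuid() != pw->pw_uid || getgid() != pw->pw_gid)
        return -2;
    return 0;
}

/* Hypothetical startup: open the plugin's root-readable config while still
 * privileged, then drop. The open FILE stays usable after the drop. */
int start_daemon(const char *plugin_conf, const char *user, FILE **conf)
{
    *conf = fopen(plugin_conf, "r");
    if (*conf == NULL) return -3;    /* unreadable even before the drop */
    int rc = drop_privileges(user);
    if (rc != 0) {                   /* never continue as root on failure */
        fclose(*conf);
        *conf = NULL;
    }
    return rc;
}

int main(void)
{
    FILE *conf;
    /* Constructed placeholder path; "snortd" is the account from the report. */
    int rc = start_daemon("/etc/example-plugin.conf", "snortd", &conf);
    printf("start_daemon returned %d\n", rc);
    return rc == 0 ? 0 : 1;
}
```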
Comment 2 John Poelstra 2008-10-10 23:55:44 EDT
This bug has been triaged
Comment 3 Dennis Gilmore 2015-07-10 09:46:13 EDT
snort was removed from Fedora years ago