Feature #119

closed

Suricata should support the ability to drop privs in every RunMode Possible

Added by Will Metcalf almost 15 years ago. Updated over 14 years ago.

Status: Closed
Priority: Normal
Assignee:
Target version:
Effort:
Difficulty:
Label:

Description

We need to support the ability to drop privs for every run mode possible. We need to test Steve's patch with all runmodes to verify that everything still works and make modifications where needed.

General comments from Steve about dropping privs.

I just wanted to mention that running as root means that you gain access to
certain capabilities. Without the capabilities, root is just a normal account
- although still dangerous. It is possible to keep capabilities while changing
uid. This is done by using the prctl() syscall. To do this with libcap is
about 60 lines of code. To do this with libcap-ng is 3 lines of code.

Typically the way this is done goes one of 2 ways: Either wait until
privileged ops are completed and then drop all capabilities or retain some
capabilities. The decision really depends on whether or not the daemon can
receive a signal such as sighup that may require it to do privileged ops
again. If it does, then you should keep some capabilities. If it does not then
you should drop them all.


Files

sgrubb-drop-privs.diff (4.32 KB): Steve Grubb's sample drop privs patch. Will Metcalf, 03/12/2010 09:16 AM

#1

Updated by Victor Julien over 14 years ago

  • Due date changed from 03/20/2010 to 04/30/2010
  • Target version changed from 0.8.2 to 0.9.0

#2

Updated by Victor Julien over 14 years ago

  • Status changed from New to Closed
  • % Done changed from 0 to 100

Current master drops privs if the --user <user> option is supplied. Requires libcap-ng.
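
The sequence Steve describes in the issue description (keep capabilities across the UID change with prctl(), then either retain some or drop them all), written with raw prctl()/capset() calls so each kernel step is visible. This is an added example, not Steve Grubb's patch and not Suricata's code, which according to this thread relies on libcap-ng; the names `drop_privs` and `fill_caps` and the choice to clear supplementary groups are assumptions.

```c
#define _GNU_SOURCE
#include <grp.h>
#include <stdint.h>
#include <unistd.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <linux/capability.h>

/* Split a 64-bit capability mask into the two 32-bit words of the v3
 * capset() ABI: bits in `keep` become permitted and effective, and
 * nothing is inheritable by programs the daemon might exec. */
static void fill_caps(uint64_t keep, struct __user_cap_data_struct d[2])
{
    for (int i = 0; i < 2; i++) {
        d[i].permitted = d[i].effective = (uint32_t)(keep >> (32 * i));
        d[i].inheritable = 0;
    }
}

/* Change to uid/gid. keep == 0 drops every capability; otherwise only the
 * capabilities in `keep` survive (must not include CAP_SETUID).
 * Call before creating threads: capset() affects the calling thread only.
 * Returns 0 on success, -1 on failure; on failure the caller should exit. */
int drop_privs(uid_t uid, gid_t gid, uint64_t keep)
{
    struct __user_cap_header_struct h = { _LINUX_CAPABILITY_VERSION_3, 0 };
    struct __user_cap_data_struct d[2];

    /* Without this flag the kernel clears the permitted set as soon as
     * no UID of the process is 0 any more. */
    if (prctl(PR_SET_KEEPCAPS, keep ? 1 : 0, 0, 0, 0) != 0) return -1;
    /* Groups first, UID last: setgid() needs the privilege setuid() removes. */
    if (setgroups(0, NULL) != 0 || setgid(gid) != 0 || setuid(uid) != 0)
        return -1;
    /* setuid() emptied the effective set; re-raise `keep` from the kept
     * permitted set and discard every other capability. */
    fill_caps(keep, d);
    if (syscall(SYS_capset, &h, d) != 0) return -1;
    prctl(PR_SET_KEEPCAPS, 0, 0, 0, 0);
    /* The drop must be irreversible. */
    if (uid != 0 && setuid(0) == 0) return -1;
    return 0;
}
```

A daemon that has to repeat privileged operations after a signal passes a non-zero `keep` mask, for example `1ULL << CAP_NET_RAW` (a constructed choice, not one named in this issue); one that does not passes 0.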
