Project

General

Profile

Bug #2424

Updated by Richard Sailer almost 7 years ago

This currently happens if e.g. suricata is started as non root and does not drop privileges. 

 This is because suri->userid and suric->groupid are initialised as 0 and only changed once: in InitSignalHandler() when suricata knows it will drop privileges, it is changed to the new uid/gid suricata will change to. 

 I'm not sure how problematic this is, so I'm asking if this is worth fixing. Currently suri->userid is only used for changing privs and never again, so this bug does not really break anything, but it could if someone would rely on suri->userid for something else. 

 Also if I would fix it, what would be a nice place, to call getuid() and getgid(). SCInstanceInit() ?  

 And another thought: Usually unix process do not have a single gid, but one primary gid and several supplementary gids (https://en.wikipedia.org/wiki/Group_identifier#Supplementary_groups). gids. Should SCInstance reflect that reflect, too?

Back