[Bro-Dev] Running Bro non-SUID on Linux
seth at icir.org
Thu Jan 20 04:41:38 PST 2011
On Jan 19, 2011, at 5:31 PM, Jim Mellander wrote:
> I've been helping someone install Bro on Linux, and we don't want to
> go the SUID route, and thought that by using setcap to set cap_net_raw
> on the binary, it would work, but Bro startup copies the binary to a
> temp directory, which loses all privileges - here's the communication
> from the user:
I think that Justin has a patch for Bro that drops privileges after starting up. It's possible that we could just integrate that patch since it was a very small change, only something around 5 lines if I remember correctly. The addition to BroControl should be really small and easy too.
Justin, could you file a tracker ticket if you still have that patch floating around somewhere?
International Computer Science Institute
(Bro) because everyone has a network
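The problem Jim describes can be checked directly: Linux stores file capabilities in the `security.capability` extended attribute, and a plain file copy does not carry that attribute over. The following is an added example, not code from Bro, BroControl, or the patch mentioned above; the function names are hypothetical and the sample attribute value is constructed.

```python
import os
import shutil
import struct
import tempfile

CAP_NET_RAW = 13                    # bit number from <linux/capability.h>
VFS_CAP_REVISION_MASK = 0xFF000000
VFS_CAP_FLAGS_EFFECTIVE = 0x000001
# Number of (permitted, inheritable) 32-bit pairs per xattr revision
PAIRS = {0x01000000: 1, 0x02000000: 2, 0x03000000: 2}


def parse_file_caps(raw):
    """Decode a security.capability xattr value (struct vfs_cap_data)."""
    (magic,) = struct.unpack_from("<I", raw, 0)
    pairs = PAIRS.get(magic & VFS_CAP_REVISION_MASK)
    if pairs is None or len(raw) < 4 + 8 * pairs:
        raise ValueError("unrecognised security.capability value")
    permitted = 0
    for i in range(pairs):
        word, _inheritable = struct.unpack_from("<II", raw, 4 + 8 * i)
        permitted |= word << (32 * i)
    return {"permitted": permitted,
            "effective": bool(magic & VFS_CAP_FLAGS_EFFECTIVE)}


def has_cap_net_raw(path):
    """True if the file at path carries cap_net_raw in its permitted set."""
    try:
        raw = os.getxattr(path, "security.capability")
    except OSError:          # no xattr set, or filesystem without xattr support
        return False
    return bool(parse_file_caps(raw)["permitted"] & (1 << CAP_NET_RAW))


def copy_keeps_cap_net_raw(binary):
    """Copy binary to a temp dir, as a startup script might, and re-check it."""
    with tempfile.TemporaryDirectory() as tmp:
        copied = shutil.copy(binary, os.path.join(tmp, os.path.basename(binary)))
        return has_cap_net_raw(copied)


# Constructed sample: the xattr value written by `setcap cap_net_raw+ep <file>`
SAMPLE = struct.pack("<IIIII", 0x02000001, 1 << CAP_NET_RAW, 0, 0, 0)
```

Running `has_cap_net_raw()` on the installed binary and `copy_keeps_cap_net_raw()` on the same path shows whether a copy step is where the capability disappears.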