Stenographer is a packet capture solution which aims to quickly spool all packets to disk, then provide simple, fast access to subsets of those packets. Discussion/announcements at stenographer@googlegroups.com
Apache License 2.0
1.79k
stars
238
forks
source link
Temporary directory created before dropping privileges #209
When running stenotype via stenographer with the option to drop privileges from root to another user we run into a problem. The temporary packet directory (/tmp/stenographer${NUMBER}/PKT0/${RANDOM}) is created on the filesystem before dropping the privileges, thereby setting the owner and group of the temporary packet directory to root:root. This causes the first attempt of the thread to write a packet to the temporary directory to fail and exit.
A work-around is to start the stenographer watchdog process as the same user, however a simple remedy would be to create the temporary packet directory after dropping the privileges or simply setting the owner and group of that directory to the user and group supplied in the options.
When running stenotype via stenographer with the option to drop privileges from root to another user we run into a problem. The temporary packet directory (
/tmp/stenographer${NUMBER}/PKT0/${RANDOM}) is created on the filesystem before dropping the privileges, thereby setting the owner and group of the temporary packet directory to root:root. This causes the first attempt of the thread to write a packet to the temporary directory to fail and exit.A work-around is to start the stenographer watchdog process as the same user, however a simple remedy would be to create the temporary packet directory after dropping the privileges or simply setting the owner and group of that directory to the user and group supplied in the options.