Honeyd always run as root, command line -u and -g are overwritten #10

Closed
GoogleCodeExporter opened this issue Apr 4, 2016 · 2 comments


What steps will reproduce the problem?
1. Launch honeyd with a '-u' or '-g' switch:


2. Observe the user the daemon runs as (it is 'nobody' instead of the
provided ones):

nobody   19918     1  0 15:10 ?        00:00:00 /usr/bin/honeyd -f
/etc/honeypot/honeyd.conf -l /var/log/honeypot/honeyd.log -p
/etc/honeypot/nmap.prints -a /etc/honeypot/nmap.assoc -0
/etc/honeypot/pf.os -x /etc/honeypot/xprobe2.conf -u 110 -g 110
--disable-webserver -i lo 10.0.0.0/8

Also, syslog shows:

Nov 23 15:10:16 javifsp honeyd[19918]: Demoting process privileges to uid
65534, gid 65534

What is the expected output?
----------------------------

I would expect it to run with the provided uid/gid

Product version: 1.5c 
Operating system: Debian GNU/Linux 'sid'

This bug was found by a user a few months back in Debian (see
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=484498) but I was unable
to dedicate time to investigate it until recently. 

The issue is related to how honeyd_init() overwrites honeyd_uid and
honeyd_gid even though these are set by the command line switches (-u and
-g) which never take effect.

The attached patch is a proposed fix: only set honeyd_uid and honeyd_gid to
the system's nobody user if the values are still the default values set in
the header. Otherwise don't do anything (i.e. honor the switches)

With this patch, which I'm going to submit in a new Debian package version
(-6) honeyd starts properly:

jfs@silicio:honeyd$ sudo /etc/init.d/honeyd start
Starting Honeyd daemon: honeyd.
jfs@silicio:honeyd$ ps -ef |grep honeyd
honeyd   31842     1  0 15:28 ?        00:00:00 /usr/bin/honeyd -f
/etc/honeypot/honeyd.conf -l /var/log/honeypot/honeyd.log -p
/etc/honeypot/nmap.prints -a /etc/honeypot/nmap.assoc -0
/etc/honeypot/pf.os -x /etc/honeypot/xprobe2.conf -u 110 -g 110
--disable-webserver -i lo 10.0.0.0/8
$ grep Demoting /var/log/syslog |tail -1
Nov 23 15:28:58 javifsp honeyd[31842]: Demoting process privileges to uid
110, gid 110

Original issue reported on code.google.com by jav...@gmail.com on 23 Nov 2008 at 2:32


Sorry, bug summary should be "Honeyd always run as nobody, command line -u and
-g are overwritten" (root --> nobody)

Unfortunately, I cannot revert that now...

Original comment by jav...@gmail.com on 23 Nov 2008 at 2:39


Thank you very much for the patch.   This is fixed in trunk now.

Original comment by pro...@gmail.com on 4 Dec 2008 at 5:08

  • Changed state: Fixed
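
The behaviour reported in this issue next to the proposed fix, as an added example (this is not the attached patch and not honeyd's own code). `EX_DEFAULT_UID`, `EX_DEFAULT_GID`, `struct drop_ids`, the function names, the injected lookup and the per-field handling of uid and gid are assumptions; 110 and 65534 are the values from the report's command line and syslog output.

```c
#include <pwd.h>
#include <stdio.h>
#include <sys/types.h>

/* Hypothetical stand-ins for the header defaults the report mentions. */
#define EX_DEFAULT_UID ((uid_t)32767)
#define EX_DEFAULT_GID ((gid_t)32767)

struct drop_ids { uid_t uid; gid_t gid; };
typedef struct passwd *(*pw_lookup_fn)(const char *); /* same shape as getpwnam() */

/* Constructed lookup: "nobody" is 65534:65534, as in the report's syslog line. */
struct passwd *constructed_nobody(const char *name)
{
    static struct passwd pw;
    (void)name;
    pw.pw_uid = 65534;
    pw.pw_gid = 65534;
    return &pw;
}

/* Reported behaviour: init overwrites whatever -u/-g stored. */
struct drop_ids init_ids_before(struct drop_ids cli, pw_lookup_fn lookup)
{
    struct passwd *pw = lookup("nobody");
    if (pw != NULL) { cli.uid = pw->pw_uid; cli.gid = pw->pw_gid; }
    return cli;
}

/* Proposed behaviour: fall back to "nobody" only for ids still at the default.
 * Edge case: a switch value equal to the default is indistinguishable from
 * "not given"; a separate "was set" flag would avoid that. */
struct drop_ids init_ids_after(struct drop_ids cli, pw_lookup_fn lookup)
{
    struct passwd *pw = lookup("nobody");
    if (pw != NULL) {
        if (cli.uid == EX_DEFAULT_UID) cli.uid = pw->pw_uid;
        if (cli.gid == EX_DEFAULT_GID) cli.gid = pw->pw_gid;
    }
    return cli;
}

int main(void)
{
    struct drop_ids cli = { 110, 110 }; /* -u 110 -g 110 from the report */
    struct drop_ids b = init_ids_before(cli, constructed_nobody);
    struct drop_ids a = init_ids_after(cli, constructed_nobody);
    printf("before: uid %lu, gid %lu\n", (unsigned long)b.uid, (unsigned long)b.gid);
    printf("after:  uid %lu, gid %lu\n", (unsigned long)a.uid, (unsigned long)a.gid);
    return 0;
}
```

Passing `getpwnam` in place of `constructed_nobody` resolves the ids against the local account database.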
