You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
What steps will reproduce the problem?
1. Launch honeyd with a '-u' or '-g' switch:
2. Observer the user the daemon runs as (it is 'nobody' instead of the
provided ones:
nobody 19918 1 0 15:10 ? 00:00:00 /usr/bin/honeyd -f
/etc/honeypot/honeyd.conf -l /var/log/honeypot/honeyd.log -p
/etc/honeypot/nmap.prints -a /etc/honeypot/nmap.assoc -0
/etc/honeypot/pf.os -x /etc/honeypot/xprobe2.conf -u 110 -g 110
--disable-webserver -i lo 10.0.0.0/8
Also, syslog shows:
Nov 23 15:10:16 javifsp honeyd[19918]: Demoting process privileges to uid
65534, gid 65534
What is the expected output?
----------------------------
I would expect it to run with the provided uid/gid
Product version: 1.5c
Operating system: Debian GNU/Linux 'sid'
This bug was found by a user a few months back in Debian (see
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=484498) but I was unable
to dedicate time to investigate it until recently.
The issue is related to how honeyd_init() overwrites honeyd_uid and
honeyd_gid even though these are set by the command line switches (-u and
-g) which never take effect.
The attached patch is a proposed fix: only set honeyd_uid and honeyd_gid to
the system's nobody user if the values are still the default values set in
the header. Otherwise don't do anything (i.e. honor the switches)
With this patch, which I'm going to submit in a new Debian package version
(-6) honeyd starts properly:
jfs@silicio:honeyd$ sudo /etc/init.d/honeyd start
Starting Honeyd daemon: honeyd.
jfs@silicio:honeyd$ ps -ef |grep honeyd
honeyd 31842 1 0 15:28 ? 00:00:00 /usr/bin/honeyd -f
/etc/honeypot/honeyd.conf -l /var/log/honeypot/honeyd.log -p
/etc/honeypot/nmap.prints -a /etc/honeypot/nmap.assoc -0
/etc/honeypot/pf.os -x /etc/honeypot/xprobe2.conf -u 110 -g 110
--disable-webserver -i lo 10.0.0.0/8
$ grep Demoting /var/log/syslog |tail -1
Nov 23 15:28:58 javifsp honeyd[31842]: Demoting process privileges to uid
110, gid 110
Original issue reported on code.google.com by jav...@gmail.com on 23 Nov 2008 at 2:32
Sorry, bug summary should be "Honeyd always run as nobody, command line -u and
-g are
overwritten" (root --> nobody)
Unfortunately, I cannot revert that now...
Original comment by jav...@gmail.com on 23 Nov 2008 at 2:39
Original issue reported on code.google.com by
jav...@gmail.com
on 23 Nov 2008 at 2:32Attachments:
The text was updated successfully, but these errors were encountered: