
Snort Forums Archive


Enhancement needed in Username/UID checking


Posted by Shaick1 on August 29, 2005 20:07:56

Hello Snort developers,
We use Snort on different Unix and Linux platforms. One of the platforms we support has announced that they are going to support usernames that begin with numeric digits. In the current Snort code, we find the -u option to work in the following manner.

Check whether atoi() returns zero ( which means the value specified by the user does not begin with numerals)
if yes
Assume this is a username. Performing Username check
else
Assume this is a userid. Performing UID check

When a numeric-prefixed username is specified by the user, ( e.g. 776test ) the atoi() function returns 776, and the Snort code assumes it is a userid. This will not work when platforms begin to support usernames beginning with numerals.

We feel that the -u command-line option is somewhat overloaded. A longer term solution could be to support two different command-line options - one for username and another for userid.
In the short term, we are suggesting code changes that impact one file - snort/src/parser.c
The suggested change is shown below. Please let us know if this is something you could incorporate in Snort base code.

Thanks,
ViSolve Security Consulting Group
Email: support@visolve.com
www.visolve.com
===========================================================================================================

Before :
    if((userid = atoi(username)) == 0)
    {
        pw = getpwnam(username);
        if(pw == NULL)
            FatalError("User \"%s\" unknown\n", username);

        userid = pw->pw_uid;
    }
    else
    {
        pw = getpwuid(userid);
        if(pw == NULL)
            FatalError(
                    "Can not obtain username for uid: %lu\n",
                    (u_long) userid);
    }

After :
Is_Uname=0,j;

// Username can begin with numeric values
for(j=0;jpw_uid;
}
else
{
pw = getpwuid(userid);
if(pw == NULL)
FatalError(
"Can not obtain username for uid: %lu\n",
(u_long) userid);
}

Posted by Shaick1 on August 29, 2005 20:10:29

It seems that part of the suggested code was truncated. Here is the complete suggested code:
Before :
    if((userid = atoi(username)) == 0)
    {
        pw = getpwnam(username);
        if(pw == NULL)
            FatalError("User \"%s\" unknown\n", username);

        userid = pw->pw_uid;
    }
    else
    {
        pw = getpwuid(userid);
        if(pw == NULL)
            FatalError(
                    "Can not obtain username for uid: %lu\n",
                    (u_long) userid);
    }

After :
Is_Uname=0,j;
// Username can begin with numeric values
for(j=0;jpw_uid;
}
else
{
pw = getpwuid(userid);
if(pw == NULL)
FatalError(
"Can not obtain username for uid: %lu\n",
(u_long) userid);
}

Posted by Shaick1 on August 29, 2005 20:17:12

The code between the "lessthan" and "greaterthan" symbols is lost. I have removed the symbols and posted again.

Before :
    if((userid = atoi(username)) == 0)
    {
        pw = getpwnam(username);
        if(pw == NULL)
            FatalError("User \"%s\" unknown\n", username);

        userid = pw->pw_uid;
    }
    else
    {
        pw = getpwuid(userid);
        if(pw == NULL)
            FatalError(
                    "Can not obtain username for uid: %lu\n",
                    (u_long) userid);
    }

After :
    /* Needs <ctype.h> for isdigit() and <string.h> for strlen(). */
    int Is_Uname=0,j;
    #if defined (HPUX)
    // Username can begin with numeric values
    for(j=0;j < strlen(username);j++) {
        /* Cast to unsigned char: passing a negative char to isdigit() is undefined. */
        if(isdigit((unsigned char)username[j])==0) {
            Is_Uname=1;
            break;
        }
    }
    #endif
    /* Use the name lookup when atoi() finds no leading number or a non-digit was seen. */
    if((userid = atoi(username)) == 0 || Is_Uname)
    {
        pw = getpwnam(username);
        if(pw == NULL)
            FatalError("User \"%s\" unknown\n", username);

        userid = pw->pw_uid;
    }
    else
    {
        pw = getpwuid(userid);
        if(pw == NULL)
            FatalError(
                    "Can not obtain username for uid: %lu\n",
                    (u_long) userid);
    }
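
An added example, not part of the posts above and not Snort code: the atoi() test from the "Before" block next to a stricter classification of the -u argument that uses strtoul() and requires the whole string to be decimal digits. It goes beyond the posted change by also treating "0" as UID 0 and rejecting values that overflow; `legacy_is_uid` and `classify_user_arg` are hypothetical names, and the sample arguments are constructed.

```c
#include <ctype.h>
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>

enum id_kind { ID_INVALID, ID_UID, ID_NAME };

/* The check from the "Before" code: any non-zero atoi() result means UID. */
int legacy_is_uid(const char *arg)
{
    return atoi(arg) != 0;
}

/* Hypothetical helper (not a Snort function): the argument is a UID only
 * if every character is a decimal digit and the value fits in unsigned long.
 * An all-digit username is still read as a UID; only separate options for
 * name and UID remove that ambiguity. */
enum id_kind classify_user_arg(const char *arg, unsigned long *uid)
{
    char *end;
    unsigned long v;

    if (arg == NULL || *arg == '\0')
        return ID_INVALID;
    /* strtoul() skips whitespace and accepts a sign; a UID has neither. */
    if (!isdigit((unsigned char)arg[0]))
        return ID_NAME;              /* caller would use getpwnam() */
    errno = 0;
    v = strtoul(arg, &end, 10);
    if (*end != '\0')
        return ID_NAME;              /* "776test": digits, then text */
    if (errno == ERANGE)
        return ID_INVALID;           /* all digits, but overflows */
    *uid = v;
    return ID_UID;                   /* caller would use getpwuid() */
}

int main(void)
{
    /* Constructed sample arguments. */
    const char *samples[] = { "0", "776", "776test", "snort" };
    static const char *names[] = { "invalid", "uid", "name" };
    unsigned long uid;
    size_t i;

    for (i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-8s legacy_is_uid=%d strict=%s\n", samples[i],
               legacy_is_uid(samples[i]),
               names[classify_user_arg(samples[i], &uid)]);
    return 0;
}
```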

Posted by Joel_Esler on August 30, 2005 10:46:59

Thank you for your submission. Please submit a diff from the old code to the new code and email the diff
w/ explanation to snort-team [at] sourcefire [dot] com.

Joel Esler
SOURCEfire