Hi, I am running a new Tor router and also use Snort. I detect some SHELLCODE x86 setuid 0. Since it is connected to buffer-overflows, none known positives/negatives false alarm, and possibility for the current process to inherent root privileges on Solaris, Unix X86 and Linux X86 I wonder if it’s a real part of an attack or known false detection, i.e. something in the Tor protocol/binary data? Tor Wiki gives no information about problems with using Snort.