Ethereal-dev: Re: Fwd: Re: [Ethereal-dev] Ethereal patch: limit capability set under Linux

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

Date Index Thread Index Other Months All Mailing Lists
Date Prev Date Next Thread Prev Thread Next
From: Ulf Lamping <ulf.lamping@xxxxxx>
Date: Fri, 17 Jun 2005 22:36:57 +0200
Thomas Anders wrote:

> Ulf Lamping wrote:
>
>> Wouldn't it be a good idea to do it the other way round? Usually running
>> Ethereal in user level and raise capabilities (somehow like su does it),
>> when needed while capturing.
>
>
> Unless we're talking about different things here, there's no painless
> way to "raise capabilities" -- and that's by intention since it's the
> whole point of dropping (or not having) them in the first place.
>
Yes, a program shoulnd't be able to raise privileges "on it's own".

I've seen such a mechanism e.g. when starting synaptic. If the user
doesn't have enough privileges, there's a dialog box popping up asking
for root password. I'm unsure if it's done by some kind of graphical su?

After the changes I've done "recently", we always use a two task model
to capture packets, so this "su model" could be added to Ethereal somehow.

But after thinking about it, it might be tedious each time you start a
capture to be asked about a password, so it might not be a practical
idea at all  ...

Regards, ULFL

P.S: I don't say anything against the patch, it's just that it would be
nice if I would understand how it's working. Some more comments in the
code would be really nice :-)