Ethereal-users: Re: [Ethereal-users] Mandrake 7.2 and Ethereal User Privliges

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

Date Index Thread Index Other Months All Mailing Lists
Date Prev Date Next Thread Prev Thread Next
From: John LeMay <jlemay@xxxxxxxx>
Date: Tue, 7 Nov 2000 18:53:17 -0500 (EST)
Agreed. chmod'ing these, as with any file, should always be done with
care and preferably only on a secure network. Common security practices
should always be followed even if one relies on the simplest method of
security - security by obscurity. In other words, run it but don't tell
anyone about it. 

On Tue, 7 Nov 2000, Guy Harris wrote:

> On Tue, Nov 07, 2000 at 12:54:17PM -0500, John LeMay wrote:
> > chmod 4755 /*/ethereal
> > chmod 4755 /*/tethereal
> 
> I seem to remember seeing, somewhere, a claim that it is not safe to
> make GTK+ programs set-UID (or, at least, that GTK+ is not known to be
> safe, so that there's a risk that it's not safe); I think it may have
> been on one of the GTK+ mailing lists.
> 
> Ethereal is a GTK+ program.
> 
> Furthermore, we've not audited it to make sure it's safe to make
> set-UID; you make it set-UID at your own risk.
> 
> _______________________________________________
> Ethereal-users mailing list
> Ethereal-users@xxxxxxxxxxxx
> http://www.ethereal.com/mailman/listinfo/ethereal-users
>