Andy,
It may not be as bad as you think - how many people can actually READ a
trace? Especially one with as many packets as are likely to be found in a
one minute sample off a cable modem on a popular wire?
On Tue, 7 Nov 2000, HOOD, Andy wrote:
> And I would have thought letting just anyone run a sniffer would be "a
> bad thing"(tm).
> You never know whose password will be on the wire.
>
> -----Original Message-----
> From: Guy Harris [mailto:gharris@xxxxxxxxxxxx]
> Sent: Wednesday, November 08, 2000 7:30 AM
> To: John LeMay
> Cc: Palmer C Byrne; ethereal-users@xxxxxxxxxxxx
> Subject: Re: [Ethereal-users] Mandrake 7.2 and Ethereal User
> Privliges
>
> On Tue, Nov 07, 2000 at 12:54:17PM -0500, John LeMay wrote:
> > chmod 4755 /*/ethereal
> > chmod 4755 /*/tethereal
>
> I seem to remember seeing, somewhere, a claim that it is not safe to
> make GTK+ programs set-UID (or, at least, that GTK+ is not known to be
> safe, so that there's a risk that it's not safe); I think it may have
> been on one of the GTK+ mailing lists.
>
> Ethereal is a GTK+ program.
>
> Furthermore, we've not audited it to make sure it's safe to make
> set-UID; you make it set-UID at your own risk.
>
> _______________________________________________
> Ethereal-users mailing list
> Ethereal-users@xxxxxxxxxxxx
> http://www.ethereal.com/mailman/listinfo/ethereal-users
>
