Gentle people,
I know lots of Wireshark users always prefer to have new protocol
parsers or decoders added, and every time new stuff is added it
adds excitement since it becomes more and more feature rich.
However, since we all know that Wireshark, or previously Ethereal, has
lots of security vulnerabilities due to the submitted code, I'm
thinking whether Wireshark should have a privilege separation capability like
what other tools such as Snort have done. I know some may not agree
with me, as they won't run Wireshark in real time to log packets and
such since dumpcap has been introduced for an effective low memory
footprint while retaining some flexibility. However, I have still seen
lots of people trying to use Wireshark on the fly, logging
packets and doing analysis on the fly.
So since Wireshark needs root privilege for the initial launch, maybe we
can have Wireshark drop its privilege to another user (a wireshark user,
maybe). I think this could incredibly enhance the security of Wireshark,
which is always criticized by the communities.
Ober did initial work previously (Ethereal 0.10.14) but he seems not
to have committed or submitted his code to the Ethereal community, instead adding it to his
own unofficial OpenBSD port (check
www.linbsd.org); maybe we can borrow his
privsep code or write a better one if anyone can take it.
Just my 2 cents; I think it would be very good for Wireshark to have this feature. Thanks.
--
Best Regards,
CS Lee <geekooL[at]gmail.com>
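The "launch as root, then drop to a dedicated user" pattern the message proposes, as an added example. This is not code from the post, from Wireshark, from dumpcap, or from Ober's port; it is a stand-alone illustration of the order a permanent privilege drop has to follow (open the privileged resource first, clear supplementary groups, set the gid, then the uid) and of the check that root cannot be regained afterwards. The account name "wireshark" is an assumption, and /dev/null stands in for the capture device, since opening a real interface is outside the scope of the example.

```c
/* privdrop.c: open the privileged resource first, then drop root permanently.
   Added example; not Wireshark/dumpcap code. Build: cc -o privdrop privdrop.c */
#define _DEFAULT_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <grp.h>
#include <pwd.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Drop to uid/gid permanently and verify the drop actually took.
   Returns 0 on success, -1 (errno set) on failure. Order matters:
   supplementary groups, then gid, then uid; once the uid has changed,
   the earlier two calls would no longer be permitted. Call this before
   creating any threads, so every thread sees the new identity. */
int drop_privileges(uid_t uid, gid_t gid)
{
    /* Only root may clear supplementary groups; an unprivileged caller
       cannot hold any it did not start with, so skip the call then. */
    if (geteuid() == 0 && setgroups(0, NULL) != 0)
        return -1;
    if (setgid(gid) != 0)   /* real, effective and saved gid */
        return -1;
    if (setuid(uid) != 0)   /* as root: real, effective AND saved uid */
        return -1;

    /* Verify the identities changed... */
    if (getuid() != uid || geteuid() != uid ||
        getgid() != gid || getegid() != gid) {
        errno = EPERM;
        return -1;
    }
    /* ...and that root cannot be regained. If the saved set-user-ID were
       still 0 (e.g. seteuid() had been used instead), setuid(0) would succeed. */
    if (uid != 0 && (setuid(0) == 0 || seteuid(0) == 0)) {
        errno = EPERM;
        return -1;
    }
    return 0;
}

/* Resolve an account name to uid/gid via the passwd database. 0 on success. */
int lookup_user(const char *name, uid_t *uid, gid_t *gid)
{
    struct passwd *pw = getpwnam(name);
    if (pw == NULL)
        return -1;
    *uid = pw->pw_uid;
    *gid = pw->pw_gid;
    return 0;
}

int main(void)
{
    /* Stand-in for the capture device: open it while still root. The
       descriptor stays usable after the drop; re-opening it would not be. */
    int fd = open("/dev/null", O_RDONLY);
    if (fd < 0) {
        perror("open");
        return 1;
    }

    uid_t uid = getuid();
    gid_t gid = getgid();
    if (geteuid() == 0) {
        /* "wireshark" is an assumed account name, not one the project defines.
           Fail closed rather than keep running as root if it is missing. */
        if (lookup_user("wireshark", &uid, &gid) != 0) {
            fprintf(stderr, "no 'wireshark' account; refusing to run as root\n");
            return 1;
        }
    }
    if (drop_privileges(uid, gid) != 0) {
        fprintf(stderr, "drop_privileges: %s\n", strerror(errno));
        return 1;
    }

    char buf[16];
    printf("running as uid=%u gid=%u; privileged fd still readable: %s\n",
           (unsigned)getuid(), (unsigned)getgid(),
           read(fd, buf, sizeof buf) >= 0 ? "yes" : "no");
    close(fd);
    return 0;
}
```

Run as root with a "wireshark" account present to see the actual drop; run as an ordinary user it drops to its own identity and still exercises the verification path. The regain check is the part worth keeping in any real implementation: a drop that leaves the saved set-user-ID at 0 looks successful to getuid()/geteuid() but is undone by a single setuid(0) in any later dissector bug.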