http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1741
Summary: Privilege separation patch
Product: Wireshark
Version: SVN
Platform: All
URL: http://wiki.wireshark.org/Development/PrivilegeSeparatio
n
OS/Version: All
Status: NEW
Severity: Normal
Priority: Medium
Component: Wireshark
AssignedTo: wireshark-bugs@xxxxxxxxxxxxx
ReportedBy: gerald@xxxxxxxxxxxxx
Build Information:
Paste the COMPLETE build information from "Help->About Wireshark", "wireshark
-v", or "tshark -v".
--
This patch makes significant changes to Wireshark's privilege model:
- The autoconf/automake configuration now installs dumpcap and TShark setuid
by default. A non-privileged user (default "wireshark") is also defined.
- If run as root, Wireshark will drop privileges at startup, either to the
calling user (if non-root) or to the non-privileged user (if root).
- TShark will drop privileges after pcap_open_live(), similar to Wireshark
This keeps us from running the 1-point-something million lines of code in
epan as root. It includes some, but not all, of the material in
http://secure.lv/~nikns/stuff/ports/wireshark-0.99.6_4.1.tar . Missing is
the code that disables updating the BPF filter after it's been set.
These changes only apply to Unix/Linux, but we might be able to do something
similar for Vista (see below).
Still to do:
- Incorporate Emanuele Caratti's Linux capabilities patch. This would let us
drop privileges in dumpcap as well.
- For Vista, we might be able to update dumpcap's manifest to always start as
Administrator. Right now you have to run Wireshark itself as Administrator if
you want to capture. More information can be found at
http://www.codeproject.com/useritems/UAC__The_Definitive_Guide.asp . I'm not
sure what to do about TShark in this case.
--
Configure bugmail: http://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.