Wireshark-bugs: [Wireshark-bugs] [Bug 1741] New: Privilege separation patch

Date: Mon, 13 Aug 2007 21:50:27 +0000 (GMT)
http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1741

           Summary: Privilege separation patch
           Product: Wireshark
           Version: SVN
          Platform: All
               URL: http://wiki.wireshark.org/Development/PrivilegeSeparation
        OS/Version: All
            Status: NEW
          Severity: Normal
          Priority: Medium
         Component: Wireshark
        AssignedTo: wireshark-bugs@xxxxxxxxxxxxx
        ReportedBy: gerald@xxxxxxxxxxxxx


This patch makes significant changes to Wireshark's privilege model:

- The autoconf/automake configuration now installs dumpcap and TShark setuid
  by default. A non-privileged user (default "wireshark") is also defined.

- If run as root, Wireshark will drop privileges at startup, either to the
  calling user (if non-root) or to the non-privileged user (if root).

- TShark will drop privileges after pcap_open_live(), similar to Wireshark.

This keeps us from running the 1-point-something million lines of code in 
epan as root. It includes some, but not all, of the material in 
http://secure.lv/~nikns/stuff/ports/wireshark-0.99.6_4.1.tar . Missing is
the code that disables updating the BPF filter after it's been set.

These changes only apply to Unix/Linux, but we might be able to do something 
similar for Vista (see below).

Still to do:

- Incorporate Emanuele Caratti's Linux capabilities patch. This would let us 
  drop privileges in dumpcap as well.

- For Vista, we might be able to update dumpcap's manifest to always start as
  Administrator. Right now you have to run Wireshark itself as Administrator if
  you want to capture. More information can be found at 
  http://www.codeproject.com/useritems/UAC__The_Definitive_Guide.asp . I'm not 
  sure what to do about TShark in this case.


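The startup policy the report describes (drop to the calling user when the real uid is not root, otherwise to the configured non-privileged account, and then verify that root cannot be regained), written out as an added C example that is not Wireshark's own code; the account name "wireshark", the function names and the return codes are assumptions made for this illustration.

```c
#define _GNU_SOURCE          /* setgroups() is declared under this on glibc */
#include <sys/types.h>
#include <unistd.h>
#include <pwd.h>
#include <grp.h>
#include <stdio.h>

/* Permanently drop root to uid/gid and verify root cannot be regained.
 * Returns 0 on success, -1 on failure. Order matters: supplementary groups,
 * then gid, then uid, since each later step needs the privilege the earlier
 * ones still hold. */
int drop_privileges(uid_t uid, gid_t gid)
{
    if (geteuid() != 0) {
        /* Nothing to drop; only confirm we are not still running setuid. */
        return (getuid() == geteuid() && getgid() == getegid()) ? 0 : -1;
    }
    if (uid == 0) return -1;                /* "dropping" to root is not dropping */
    if (setgroups(0, NULL) != 0) return -1; /* clear inherited group list first */
    if (setgid(gid) != 0) return -1;
    if (setuid(uid) != 0) return -1;        /* sets real, effective and saved uid */
    /* Verify: regaining root must fail and all ids must match the target. */
    if (setuid(0) != -1) return -1;
    if (getuid() != uid || geteuid() != uid) return -1;
    if (getgid() != gid || getegid() != gid) return -1;
    return 0;
}

/* Policy from the report: a non-root caller gets its own ids back; a real
 * root caller is moved to the configured non-privileged account (assumed
 * "wireshark"). Returns 0 when privileges were dropped or there were none,
 * 1 when refusing to continue as root because that account does not exist,
 * -1 on any other failure. */
int privsep_startup(const char *unpriv_user)
{
    uid_t uid = getuid();
    gid_t gid = getgid();

    if (uid == 0) {
        struct passwd *pw = getpwnam(unpriv_user);
        if (pw == NULL) {
            fprintf(stderr, "user %s not found; refusing to run as root\n",
                    unpriv_user);
            return 1;
        }
        uid = pw->pw_uid;
        gid = pw->pw_gid;
    }
    return drop_privileges(uid, gid);
}
```

Installed setuid-root (as the patch does for dumpcap and TShark), a process calling privsep_startup() before touching the dissector code would land in the calling user's ids; started directly by root it would land in the "wireshark" account or refuse to continue.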