Wireshark · Wireshark-dev: [Wireshark-dev] [Fwd: [Wireshark-bugs] [Bug 1741] New: Privilege separation patch]

Wireshark-dev: [Wireshark-dev] [Fwd: [Wireshark-bugs] [Bug 1741] New: Privilege separation patc

From: Gerald Combs <gerald@xxxxxxxxxxxxx>

Date: Mon, 13 Aug 2007 14:58:10 -0700

I've submitted a patch which implements some of the changes discussed at
http://wiki.wireshark.org/Development/PrivilegeSeparation . If no one
has any objections I'd like to check it in later this week.

-------- Original Message --------
Subject: [Wireshark-bugs] [Bug 1741] New: Privilege separation patch
Date: Mon, 13 Aug 2007 21:50:27 +0000 (GMT)
From: bugzilla-daemon@xxxxxxxxxxxxx
Reply-To: wireshark-dev@xxxxxxxxxxxxx
To: wireshark-bugs@xxxxxxxxxxxxx

http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1741

           Summary: Privilege separation patch
           Product: Wireshark
           Version: SVN
          Platform: All
               URL: http://wiki.wireshark.org/Development/PrivilegeSeparatio
                    n
        OS/Version: All
            Status: NEW
          Severity: Normal
          Priority: Medium
         Component: Wireshark
        AssignedTo: wireshark-bugs@xxxxxxxxxxxxx
        ReportedBy: gerald@xxxxxxxxxxxxx


Build Information:
Paste the COMPLETE build information from "Help->About Wireshark",
"wireshark
-v", or "tshark -v".
--
This patch makes significant changes to Wireshark's privilege model:

- The autoconf/automake configuration now installs dumpcap and TShark setuid
  by default. A non-privileged user (default "wireshark") is also defined.

- If run as root, Wireshark will drop privileges at startup, either to the
  calling user (if non-root) or to the non-privileged user (if root).

- TShark will drop privileges after pcap_open_live(), similar to Wireshark

This keeps us from running the 1-point-something million lines of code in
epan as root. It includes some, but not all, of the material in
http://secure.lv/~nikns/stuff/ports/wireshark-0.99.6_4.1.tar . Missing is
the code that disables updating the BPF filter after it's been set.

These changes only apply to Unix/Linux, but we might be able to do
something
similar for Vista (see below).

Still to do:

- Incorporate Emanuele Caratti's Linux capabilities patch. This would
let us
  drop privileges in dumpcap as well.

- For Vista, we might be able to update dumpcap's manifest to always
start as
  Administrator. Right now you have to run Wireshark itself as
Administrator if
  you want to capture. More information can be found at
  http://www.codeproject.com/useritems/UAC__The_Definitive_Guide.asp .
I'm not
  sure what to do about TShark in this case.


-- 
Configure bugmail:
http://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
_______________________________________________
Wireshark-bugs mailing list
Wireshark-bugs@xxxxxxxxxxxxx
http://www.wireshark.org/mailman/listinfo/wireshark-bugs

Follow-Ups:
- Re: [Wireshark-dev] [Fwd: [Wireshark-bugs] [Bug 1741] New: Privilege separation patch]
  - From: Stephen Fisher
- Re: [Wireshark-dev] [Fwd: [Wireshark-bugs] [Bug 1741] New: Privilege separation patch]
  - From: Joerg Mayer
- Re: [Wireshark-dev] [Fwd: [Wireshark-bugs] [Bug 1741] New: Privilege separation patch]
  - From: Jeff Morriss

Prev by Date: Re: [Wireshark-dev] MIB parsing unnecessary
Next by Date: [Wireshark-dev] review_for_checkin requested: [Bug 1741] Privilege separation patch
Previous by thread: Re: [Wireshark-dev] Graphs and Values
Next by thread: Re: [Wireshark-dev] [Fwd: [Wireshark-bugs] [Bug 1741] New: Privilege separation patch]
Index(es):
- Date
- Thread