On Aug 31, 2011, at 1:26 AM, Anders Broman wrote:
> Do we need the check for special privileges in get_datafile_dir()?
At an absolute minimum, if we're running with elevated privileges, we *MUST* not allow the user to, in any way, say that the directory in which to find "system" plugins, Lua scripts, Python scripts, or any other executable code/scripts is something other than the directory in which Wireshark was installed, so that, for example, if Wireshark is installed set-UID (which it shouldn't be - only dumpcap needs the special privileges), the user can't trick it into writing code they've written.
Now, perhaps we should solve this by just having Wireshark and TShark and so on refuse to run with elevated privileges.