On 9/8/05, ober <[EMAIL PROTECTED]> wrote: > I have a patch I can apply that does setuid() to _ethereal once the > capture device is actually opened. > As I said in the original posting:
What about running ethereal only under systrace? > As far as security goes, it goes without saying: > Dont run ethereal in capture/decode mode as root. Would a port that disables capture mode be acceptable? Sort of like the removal of '-w' (web) in the ntop port, it cripples functionality for the sake of security. Kevin Kadow
