On 2009/04/15 14:47, Ingo Schwarze wrote:
> > Wireshark is the world's foremost
>
> Is this now privilege separated?
>
> http://www.openbsd.org/cgi-bin/cvsweb/ports/net/ethereal/Attic/Makefile#rev1.91
>

Not as we know the term "privilege separation", no. They split the capture off into a separate program that can run setuid while the dissectors are run as your normal userid. (Well, they are if the port was set up to use this, which this one isn't). As you see from the release notes of pretty much every version of Wireshark, the dissectors are NOT safely coded; they should be jailed as an _unprivileged_ user. Take a look at how our tcpdump handles its dissectors.
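
Added example, not part of the original message and not code from Wireshark or OpenBSD's tcpdump: a sketch of the pattern the reply asks for, where the process that parses untrusted packet bytes first chroots and drops to an unprivileged id and hands back only a fixed-size result. `JAIL_DIR`, `JAIL_ID`, `jail_self`, `dissect_ipv4` and `dissect_in_jail` are hypothetical names and values chosen for illustration; the jail step only takes effect when the program starts as root.

```c
#include <grp.h>
#include <stdint.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

#define JAIL_DIR "/var/empty" /* assumption: empty, root-owned directory */
#define JAIL_ID  65534        /* assumption: uid/gid of an unprivileged account */

/* Give up root for good: chroot first, then groups, gid, uid (order matters). */
static int jail_self(void) {
    gid_t g = JAIL_ID;
    if (geteuid() != 0) return 0; /* already unprivileged, nothing to drop */
    if (chroot(JAIL_DIR) != 0 || chdir("/") != 0) return -1;
    if (setgroups(1, &g) != 0 || setgid(g) != 0 || setuid(JAIL_ID) != 0) return -1;
    return (setuid(0) == 0 || geteuid() == 0) ? -1 : 0; /* root must not come back */
}

/* Toy dissector (constructed for this example): IPv4 header length, or -1. */
static int dissect_ipv4(const uint8_t *p, size_t n) {
    if (n < 20 || (p[0] >> 4) != 4) return -1;
    int hl = (p[0] & 0x0f) * 4;
    return (hl < 20 || (size_t)hl > n) ? -1 : hl;
}

/* The caller stands in for the capture side. The forked child jails itself,
 * parses the untrusted bytes and sends back only a fixed-size int.
 * Returns the dissector result, or -2 if the jailed child could not be used. */
int dissect_in_jail(const uint8_t *pkt, size_t n) {
    int sv[2], res = -2;
    if (n == 0 || n > 2048) return -1;
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) != 0) return -2;
    pid_t pid = fork();
    if (pid < 0) { close(sv[0]); close(sv[1]); return -2; }
    if (pid == 0) {
        uint8_t buf[2048];
        close(sv[0]);
        if (jail_self() != 0) _exit(1); /* fail closed: never parse as root */
        ssize_t got = read(sv[1], buf, sizeof buf);
        int r = got <= 0 ? -1 : dissect_ipv4(buf, (size_t)got);
        _exit(write(sv[1], &r, sizeof r) == (ssize_t)sizeof r ? 0 : 1);
    }
    close(sv[1]);
    if (send(sv[0], pkt, n, MSG_NOSIGNAL) != (ssize_t)n ||
        read(sv[0], &res, sizeof res) != (ssize_t)sizeof res)
        res = -2;
    close(sv[0]);
    waitpid(pid, NULL, 0);
    return res;
}
```

If the jail cannot be set up while running as root, the child exits before reading any packet data and the caller gets -2 instead of a parse result.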
