Re: [Wireshark-dev] [Fwd: [Wireshark-bugs] [Bug 1741] New: Privilege separation patch]

2007-08-21 Thread Gerald Combs
Joerg Mayer wrote: I don't mind the message (see above) but I don't like the forced drop of privs. I've modified the proposed patch to simply warn the user instead of dropping privs forcefully.

Re: [Wireshark-dev] [Fwd: [Wireshark-bugs] [Bug 1741] New: Privilege separation patch]

2007-08-16 Thread Richard van der Hoff
Gerald Combs wrote: That's exactly the problem I'm trying to solve. Ever since the initial release, the standard practice for capturing on Unix/Linux systems has included the step start Wireshark (or Ethereal) as root. Our own User's Guide tells you to run Wireshark as root. There's a

Re: [Wireshark-dev] [Fwd: [Wireshark-bugs] [Bug 1741] New: Privilege separation patch]

2007-08-16 Thread Thomas Anders
Richard van der Hoff wrote: Personally, I'd much prefer a popup that I can dismiss than wireshark meddling with my users/groups and dropping privileges. Is there any good example of another *user application* dropping privileges as proposed by Gerald? After all, Wireshark isn't a system daemon

Re: [Wireshark-dev] [Fwd: [Wireshark-bugs] [Bug 1741] New: Privilege separation patch]

2007-08-16 Thread Jeff Morriss
Thomas Anders wrote: Richard van der Hoff wrote: Personally, I'd much prefer a popup that I can dismiss than wireshark meddling with my users/groups and dropping privileges. Is there any good example of another *user application* dropping privileges as proposed by Gerald? After all,

Re: [Wireshark-dev] [Fwd: [Wireshark-bugs] [Bug 1741] New: Privilege separation patch]

2007-08-16 Thread Thomas Anders
Jeff Morriss wrote: Thomas Anders wrote: Richard van der Hoff wrote: Personally, I'd much prefer a popup that I can dismiss than wireshark meddling with my users/groups and dropping privileges. Is there any good example of another *user application* dropping privileges as proposed by

Re: [Wireshark-dev] [Fwd: [Wireshark-bugs] [Bug 1741] New: Privilege separation patch]

2007-08-16 Thread Jeff Morriss
Thomas Anders wrote: Jeff Morriss wrote: Thomas Anders wrote: Richard van der Hoff wrote: Personally, I'd much prefer a popup that I can dismiss than wireshark meddling with my users/groups and dropping privileges. Is there any good example of another *user application* dropping privileges

Re: [Wireshark-dev] [Fwd: [Wireshark-bugs] [Bug 1741] New: Privilege separation patch]

2007-08-16 Thread Guy Harris
Jeff Morriss wrote: tcpdump and commercial sniffer products probably need root access and are reading from the network, but I'm not sure tcpdump counts as big It's not as big as Wireshark, but it *has* had its own problems with code vulnerable to malicious packets. It will, before opening a

Re: [Wireshark-dev] [Fwd: [Wireshark-bugs] [Bug 1741] New: Privilege separation patch]

2007-08-15 Thread Jeff Morriss
Joerg Mayer wrote: On Tue, Aug 14, 2007 at 03:43:07PM -0700, Gerald Combs wrote: I think it is best (easiest for users) to have Wireshark run as the user who started it instead of a special user. Compiling it to run as a new user called wireshark or other should be an option. As long as

Re: [Wireshark-dev] [Fwd: [Wireshark-bugs] [Bug 1741] New: Privilege separation patch]

2007-08-15 Thread Gerald Combs
Jeff Morriss wrote: Joerg Mayer wrote: On Tue, Aug 14, 2007 at 03:43:07PM -0700, Gerald Combs wrote: I think it is best (easiest for users) to have Wireshark run as the user who started it instead of a special user. Compiling it to run as a new user called wireshark or other should be an

Re: [Wireshark-dev] [Fwd: [Wireshark-bugs] [Bug 1741] New: Privilege separation patch]

2007-08-15 Thread Joerg Mayer
On Wed, Aug 15, 2007 at 09:33:05AM -0700, Gerald Combs wrote: I still think that this stuff is the wrong approach: wireshark should not need root privileges and if you want to make sure that the program Do you mean Wireshark the UI or the capturing part? At least on Solaris versions

Re: [Wireshark-dev] [Fwd: [Wireshark-bugs] [Bug 1741] New: Privilege separation patch]

2007-08-14 Thread Joerg Mayer
On Mon, Aug 13, 2007 at 02:58:10PM -0700, Gerald Combs wrote: I've submitted a patch which implements some of the changes discussed at http://wiki.wireshark.org/Development/PrivilegeSeparation . If no one has any objections I'd like to check it in later this week. I'm afraid you lost me with

Re: [Wireshark-dev] [Fwd: [Wireshark-bugs] [Bug 1741] New: Privilege separation patch]

2007-08-14 Thread Jeff Morriss
Gerald Combs wrote: I've submitted a patch which implements some of the changes discussed at http://wiki.wireshark.org/Development/PrivilegeSeparation . If no one has any objections I'd like to check it in later this week. Whoo-hoo! Go Gerald! Thanks for finishing the work on that. :-)

Re: [Wireshark-dev] [Fwd: [Wireshark-bugs] [Bug 1741] New: Privilege separation patch]

2007-08-14 Thread Gerald Combs
Ulf Lamping wrote: Joerg Mayer wrote: On Mon, Aug 13, 2007 at 02:58:10PM -0700, Gerald Combs wrote: I've submitted a patch which implements some of the changes discussed at http://wiki.wireshark.org/Development/PrivilegeSeparation . If no one has any objections I'd like to check it in

Re: [Wireshark-dev] [Fwd: [Wireshark-bugs] [Bug 1741] New: Privilege separation patch]

2007-08-14 Thread Gerald Combs
Jeff Morriss wrote: If this is the default then the release notes for the next release better have a *really big* notice about that fact. (Imagine admins who install Wireshark for their own use but have absolutely no intention of letting mere mortals sniff the traffic. We don't want them

[Wireshark-dev] [Fwd: [Wireshark-bugs] [Bug 1741] New: Privilege separation patch]

2007-08-13 Thread Gerald Combs
I've submitted a patch which implements some of the changes discussed at http://wiki.wireshark.org/Development/PrivilegeSeparation . If no one has any objections I'd like to check it in later this week. Original Message Subject: [Wireshark-bugs] [Bug 1741] New: Privilege

Re: [Wireshark-dev] [Fwd: [Wireshark-bugs] [Bug 1741] New: Privilege separation patch]

2007-08-13 Thread Stephen Fisher
On Mon, Aug 13, 2007 at 02:58:10PM -0700, Gerald Combs wrote: I've submitted a patch which implements some of the changes discussed at http://wiki.wireshark.org/Development/PrivilegeSeparation . If no one has any objections I'd like to check it in later this week. Thanks for your effort. The