[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Replacement for Ethereal
Just to cut this huge discussion short, the main problem with
ethereal is that it needs to grab raw packets.
And under Unix, to grab raw packets, you must be root.
which is a big, big, problem with respect to security.
If you look closely at OpenBSD, you'll notice there are other
ugly beasts that need special privileges to do special things.
The X Windows server, for instance.
And guess what ? Most of these ugly beasts run as two processes now,
of which just one them runs as root. That's called privilege separation,
and that's about the simplest redesign that could solve ethereal.
so that the process that gets raw packets just gets raw packets, and
passes them on to the process that does the actual work.
That way, you get a much smaller chunk of code to fix. And breakage
in the packet analyzer will be much less serious.
BTW, these days, any new packet analyzer that pretends to replace
ethereal and doesn't use privilege separation is a complete joke.