
Re: Replacement for Ethereal



Just to cut this huge discussion short, the main problem with
ethereal is that it needs to grab raw packets.
And under Unix, to grab raw packets, you must be root,
which is a big, big problem with respect to security.

If you look closely at OpenBSD, you'll notice there are other
ugly beasts that need special privileges to do special things.
The X Windows server, for instance.

And guess what? Most of these ugly beasts run as two processes now,
of which just one runs as root. That's called privilege separation,
and that's about the simplest redesign that could solve ethereal.

The process that gets raw packets just gets raw packets, and
passes them on to the process that does the actual work.

That way, you get a much smaller chunk of code to fix. And breakage
in the packet analyzer will be much less serious.

BTW, these days, any new packet analyzer that pretends to replace
ethereal and doesn't use privilege separation is a complete joke.
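The two-process split described in the message above, written out as an added example in C. This is not code from the thread, from Ethereal, or from OpenBSD. A privileged child does nothing but ship raw frames over a socketpair; the parent drops root (a no-op when not started as root, so the program also runs unprivileged) and does all the parsing. The capture source is a stand-in: where a real tool would open /dev/bpf or a raw socket, the child replays a constructed 42-byte Ethernet/IPv4/UDP frame plus one truncated frame, and uid/gid 65534 is assumed as the unprivileged identity.

```c
#define _DEFAULT_SOURCE
#define _GNU_SOURCE
#include <arpa/inet.h>
#include <errno.h>
#include <grp.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

#define MAX_FRAME 2048
#define UNPRIV_UID 65534   /* assumed: "nobody" on most systems */
#define UNPRIV_GID 65534

struct ipv4_summary { char src[INET_ADDRSTRLEN]; char dst[INET_ADDRSTRLEN]; uint8_t proto; uint16_t total_len; };

/* Constructed sample frame (not a real capture): Ethernet header, minimal
 * IPv4 header (UDP, 10.0.0.1 -> 10.0.0.2, total length 28), UDP header. */
static const uint8_t sample_frame[] = {
    0x00,0x11,0x22,0x33,0x44,0x55, 0x66,0x77,0x88,0x99,0xaa,0xbb, 0x08,0x00,
    0x45,0x00, 0x00,0x1c, 0x00,0x01, 0x00,0x00, 0x40,0x11, 0x00,0x00,
    10,0,0,1, 10,0,0,2,
    0x04,0xd2, 0x00,0x35, 0x00,0x08, 0x00,0x00,
};

static int write_all(int fd, const void *p, size_t n) {
    const uint8_t *b = p;
    while (n) {
        ssize_t w = write(fd, b, n);
        if (w < 0) { if (errno == EINTR) continue; return -1; }
        b += w; n -= (size_t)w;
    }
    return 0;
}
/* 1 = got n bytes, 0 = clean EOF before any byte, -1 = error or short read. */
static int read_all(int fd, void *p, size_t n) {
    uint8_t *b = p; size_t got = 0;
    while (got < n) {
        ssize_t r = read(fd, b + got, n - got);
        if (r < 0) { if (errno == EINTR) continue; return -1; }
        if (r == 0) return got == 0 ? 0 : -1;
        got += (size_t)r;
    }
    return 1;
}
/* Wire format between the two processes: 4-byte big-endian length, then the frame. */
static int send_frame(int fd, const uint8_t *data, size_t len) {
    if (len > MAX_FRAME) return -1;
    uint32_t hdr = htonl((uint32_t)len);
    if (write_all(fd, &hdr, sizeof hdr) == -1) return -1;
    return write_all(fd, data, len);
}
/* Returns frame length, 0 on clean EOF, -1 on error. The length comes from
 * the other process, so it is bounded before any read into the buffer. */
static ssize_t recv_frame(int fd, uint8_t *buf, size_t cap) {
    uint32_t hdr;
    int r = read_all(fd, &hdr, sizeof hdr);
    if (r <= 0) return r;
    uint32_t len = ntohl(hdr);
    if (len == 0 || len > cap) return -1;
    if (read_all(fd, buf, len) != 1) return -1;
    return (ssize_t)len;
}

/* The "actual work": parse an Ethernet/IPv4 frame with every length checked
 * against what was really received. This is the code that runs without root. */
int parse_ipv4_frame(const uint8_t *frame, size_t len, struct ipv4_summary *out) {
    if (len < 14 + 20 || frame[12] != 0x08 || frame[13] != 0x00) return -1;
    const uint8_t *ip = frame + 14; size_t avail = len - 14;
    if ((ip[0] >> 4) != 4) return -1;
    size_t ihl = (size_t)(ip[0] & 0x0f) * 4;
    if (ihl < 20 || ihl > avail) return -1;
    uint16_t total = (uint16_t)((ip[2] << 8) | ip[3]);
    if (total < ihl || total > avail) return -1;
    out->proto = ip[9]; out->total_len = total;
    struct in_addr a;
    memcpy(&a, ip + 12, 4); inet_ntop(AF_INET, &a, out->src, sizeof out->src);
    memcpy(&a, ip + 16, 4); inet_ntop(AF_INET, &a, out->dst, sizeof out->dst);
    return 0;
}

/* Drop root in the analysis process: groups first, then gid, then uid, and
 * verify the drop cannot be undone. No-op when not running as root. */
static int drop_privileges(void) {
    if (geteuid() != 0) return 0;
    if (setgroups(0, NULL) == -1 || setgid(UNPRIV_GID) == -1 || setuid(UNPRIV_UID) == -1) return -1;
    return setuid(0) == -1 ? 0 : -1;
}

/* Fork the privileged capture child, drop privileges here, parse what it sends.
 * Returns the number of well-formed frames (the last one copied to *last), -1 on setup failure. */
int run_privsep(struct ipv4_summary *last) {
    int sv[2];
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) == -1) return -1;
    pid_t pid = fork();
    if (pid == -1) return -1;
    if (pid == 0) {  /* privileged side: fetch raw frames and ship them, nothing else */
        close(sv[1]);
        for (int i = 0; i < 3; i++)
            if (send_frame(sv[0], sample_frame, sizeof sample_frame) == -1) _exit(1);
        uint8_t bad[20]; memcpy(bad, sample_frame, 20);  /* constructed truncated frame */
        send_frame(sv[0], bad, sizeof bad);
        close(sv[0]); _exit(0);
    }
    close(sv[0]);
    if (drop_privileges() == -1) { close(sv[1]); return -1; }
    int good = 0; uint8_t buf[MAX_FRAME]; ssize_t n;
    while ((n = recv_frame(sv[1], buf, sizeof buf)) > 0) {
        struct ipv4_summary s;
        if (parse_ipv4_frame(buf, (size_t)n, &s) == 0) { good++; if (last) *last = s; }
    }
    close(sv[1]); waitpid(pid, NULL, 0);
    return good;
}

int main(void) {
    struct ipv4_summary s;
    int good = run_privsep(&s);
    printf("parsed %d frames, last: %s -> %s proto %u len %u\n", good, s.src, s.dst, s.proto, s.total_len);
    return good > 0 ? 0 : 1;
}
```

The truncated frame exercises the point in the message: a bug in the parser (here it is merely rejected, but imagine it were an overflow) would crash or compromise a process that holds no privilege and no capture descriptor, while the root-owned code path stays a few dozen lines that never look inside a packet.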