Wireshark mailing list archives
Re: Running with special privileges in build dir, result of get_datafile_dir()
From: Guy Harris <guy () alum mit edu>
Date: Wed, 31 Aug 2011 11:04:09 -0700
On Aug 31, 2011, at 1:26 AM, Anders Broman wrote:
Do we need the check for special privileges in get_datafile_dir()?
At an absolute minimum, if we're running with elevated privileges, we *MUST* not allow the user to, in any way, say that the directory in which to find "system" plugins, Lua scripts, Python scripts, or any other executable code/scripts is something other than the directory in which Wireshark was installed, so that, for example, if Wireshark is installed set-UID (which it shouldn't be - only dumpcap needs the special privileges), the user can't trick it into writing code they've written. Now, perhaps we should solve this by just having Wireshark and TShark and so on refuse to run with elevated privileges. ___________________________________________________________________________ Sent via: Wireshark-dev mailing list <wireshark-dev () wireshark org> Archives: http://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
Current thread:
- Running with special privileges in build dir, result of get_datafile_dir() Anders Broman (Aug 31)
- Re: Running with special privileges in build dir, result of get_datafile_dir() Guy Harris (Aug 31)
- Re: Running with special privileges in build dir, result of get_datafile_dir() Anders Broman (Aug 31)
- Re: Running with special privileges in build dir, result of get_datafile_dir() Guy Harris (Aug 31)
- Re: Running with special privileges in build dir, result of get_datafile_dir() Guy Harris (Aug 31)
- Re: Running with special privileges in build dir, result of get_datafile_dir() Anders Broman (Aug 31)
- Re: Running with special privileges in build dir, result of get_datafile_dir() Guy Harris (Aug 31)