Wireshark mailing list archives

Re: Verification of user when running Wireshark


From: Jaap Keuter <jaap.keuter () xs4all nl>
Date: Tue, 19 Oct 2010 07:01:08 +0200

Hi,

Guy is right, the GPL voids this approach. Any Wireshark API call from your dissector makes it applicable, and I can't 
envision a plugin without one. 

You do have proto_mark_private() which limits exposure of your plugin, by blocking Wiki access for your protocol 
fields. That is as far as it goes. 

Thanks,
Jaap


On 19 Oct. 2010, at 01:14, Guy Harris <guy () alum mit edu> wrote:


On Oct 18, 2010, at 3:02 PM, Alex Lindberg wrote:

I am creating a number of dissectors and my company has concerns regarding the security of Wireshark/Tshark if these 
proprietary dissectors escape into the wild. 

Has anyone created a user authentication plugin for Wireshark/Tshark

No, because, for a given program or library, you can only create a plugin for operations where there are plugin hooks 
in the program or library, and Wireshark and TShark don't even have the notion of user authentication, much less a 
mechanism by which user authentication plugins can be added.  The types of plugins that Wireshark and TShark support 
are:

   1) dissectors;

   2) tap listeners;

   3) capture file format readers;

   4) codecs.

that would require the user to have a certificate installed from a specific trusted authority?  The certificate 
should also be based on an interface of the computer running Wireshark.

If your proprietary dissectors are plugins that work with a standard distribution of Wireshark, a DRM mechanism for 
Wireshark/TShark itself wouldn't help - somebody could just plug the dissectors into a standard version of Wireshark, 
lacking that DRM mechanism, that they'd downloaded.  The *dissector plugins* would have to check for the certificate.

If your proprietary dissectors are built into a special version of Wireshark, you're already dealing with a modified 
version of the Wireshark source tree, so you could modify your version of Wireshark to do the certificate check.

Note, of course, that, as per the GNU Public License, Version 2, if you distribute an executable version of Wireshark 
to somebody, including a version built from source that you've modified (see section 2 of the GPLv3), you must do one 
of the following (see section 3 of the GPLv2):

   a) Accompany it with the complete corresponding machine-readable
   source code, which must be distributed under the terms of Sections
   1 and 2 above on a medium customarily used for software interchange; or,

   b) Accompany it with a written offer, valid for at least three
   years, to give any third party, for a charge no more than your  
   cost of physically performing source distribution, a complete   
   machine-readable copy of the corresponding source code, to be
   distributed under the terms of Sections 1 and 2 above on a medium
   customarily used for software interchange; or,

   c) Accompany it with the information you received as to the offer
   to distribute corresponding source code.  (This alternative is 
   allowed only for noncommercial distribution and only if you
   received the program in object code or executable form with such
   an offer, in accord with Subsection b above.)

which means that, if you've given them a binary version of Wireshark that includes your proprietary dissectors and 
the DRM code to prevent people without the certificate from running that version, you must provide the source code 
that was used to build that version, including your proprietary dissectors and the DRM code to prevent people without 
the certificate from running that version.

Once they have that source code, they may, then, remove the DRM code and build their own version (see section 6 of 
the GPLv2), and I think they may even redistribute that version in source and binary form (at least as I read section 
6 of the GPLv2).

I am not certain what the rules are about plugins, but, at least at one point on one of the Wireshark mailing lists, 
somebody claimed that a plugin for Wireshark must itself be licensed under the GPLv2; I'm not certain which part of 
the GPLv2 would require that.  Section 2 does say

 These requirements apply to the modified work as a whole.  If
 identifiable sections of that work are not derived from the Program,  
 and can be reasonably considered independent and separate works in
 themselves, then this License, and its terms, do not apply to those
 sections when you distribute them as separate works.  But when you
 distribute the same sections as part of a whole which is a work based  
 on the Program, the distribution of the whole must be on the terms of
 this License, whose permissions for other licensees extend to the
 entire whole, and thus to each and every part regardless of who wrote it.

but I don't know whether a plugin for Wireshark, not based on *ANY* GPLed dissector code for Wireshark (if it were 
based on any existing GPLed code, it would itself be GPLed), could be considered an "identifiable [section] of that 
work ... not derived from the Program".
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
            mailto:wireshark-dev-request () wireshark org?subject=unsubscribe