wireshark: yet another pile of dissector flaws

Posted Oct 6, 2014 20:44 UTC (Mon) by mathstuf (subscriber, #69389)
In reply to: wireshark: yet another pile of dissector flaws by bronson
Parent article: wireshark: yet another pile of dissector flaws

What about hiding new dissectors behind a "enable experimental dissectors" button? I also agree that seccomp should be used here. Other than read (or, better, just use a memory buffer interface), what syscalls would be needed?

to post comments

wireshark: yet another pile of dissector flaws

Posted Oct 6, 2014 21:03 UTC (Mon) by dlang (guest, #313) [Link] (1 responses)

I expect that the majority of dissectors would never graduate from behind the button, and so it would become a "enable experimental dissectors to get anything useful"

wireshark: yet another pile of dissector flaws

Posted Oct 6, 2014 21:09 UTC (Mon) by malor (guest, #2973) [Link]

>I expect that the majority of dissectors would never graduate from behind the button, and so it would become a "enable experimental dissectors to get anything useful"

I think you're overstating that by a huge degree, but even if you're completely correct, that would still be better than what they're doing now.