
wireshark: yet another pile of dissector flaws

Posted Oct 6, 2014 22:15 UTC (Mon) by bronson (guest, #4806)
In reply to: wireshark: yet another pile of dissector flaws by malor
Parent article: wireshark: yet another pile of dissector flaws

No it does NOT need root to run. Whenever I used it, I pulled dumps from some virtual interface who-knows-where, and then ran it -- as my user -- over the dumpfiles.

If you're running it as root, presumably you're doing it on a private network anyway, and therefore you don't have much to worry about or, at the very least, you know what threats you're facing.

> As is, wireshark is like a firetruck that explodes if an ember falls on it.

It seems to me like you're being a firetruck that explodes if an ember falls on it? Lots of vulnerabilities does not imply lots of danger.

Clearly you feel very strongly. Maybe you could direct some of that energy into strengthening the dissectors? It's an amazingly huge coding problem and can use all the man hours it can.



wireshark: yet another pile of dissector flaws

Posted Oct 19, 2014 2:42 UTC (Sun) by ccurtis (guest, #49713) (2 responses)

> No it does NOT need root to run. Whenever I used it, I pulled dumps from some virtual interface who-knows-where, and then ran it -- as my user -- over the dumpfiles.

I don't understand your argument. Instead of exploiting root, now it exploits your user account. This makes you feel better for some reason?

wireshark: yet another pile of dissector flaws

Posted Oct 19, 2014 3:05 UTC (Sun) by rahulsundaram (subscriber, #21946)

Why wouldn't it?

wireshark: yet another pile of dissector flaws

Posted Oct 19, 2014 3:23 UTC (Sun) by pizza (subscriber, #46)

> I don't understand your argument. Instead of exploiting root, now it exploits your user account. This makes you feel better for some reason?

Serious question. Just what, exactly, is the threat vector here?

I'm not saying that it's impossible to exploit, just that it would take a seriously motivated attacker specifically targeting you for it to be worth their effort -- and that's just for a maliciously crafted capture file. If the attack involved live packet injection into your local network segment, you've already lost.

...Maybe I lack imagination or paranoia, but the only scenarios I can come up with make Schneier's Movie Plot Challenges look downright plausible in comparison.

