
wireshark: multiple vulnerabilities

Posted Feb 2, 2015 3:59 UTC (Mon) by malor (guest, #2973)
In reply to: wireshark: multiple vulnerabilities by flussence
Parent article: wireshark: multiple vulnerabilities

>Running wireshark as root is not its primary mode - that's why it has a big fat startup warning telling you how *not* to do that, should you try to.

That's a bullshit retcon by the developers. They didn't add those warnings until they began to realize just how bad their code was.

And, it should be noted: instead of fixing it.


wireshark: multiple vulnerabilities

Posted Feb 2, 2015 13:48 UTC (Mon) by nix (subscriber, #2304)

It's not 'bullshit retcon', it's a side-effect of a security improvement, namely privilege-separating the packet capture (which must run as root) from everything else (which, after that change, no longer needed to).

The warning is there to remind people who were used to the *old* way of running Wireshark, which really was terrifying (run it as root), that this was no longer either necessary or recommended. If they hadn't added that warning, many people would never have noticed the change, and would have continued to expose themselves to more security problems than necessary. What would you suggest they do instead?

(However... the dissectors do seem like an excellent example of something that is comparatively easy to privsep into a separate process and seccomp away from almost everything. They're little more than complicated parsers, a perfect fit for something like seccomp.)
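The privsep-plus-seccomp idea raised at the end of the comment above, sketched as an added example that is not part of the original thread and is not Wireshark code: a toy parser runs in a forked child under Linux seccomp strict mode and hands its result back over a pipe. The record format, the function names and the 0xFF "misbehaving parser" case are assumptions constructed for the illustration.

```c
#include <fcntl.h>
#include <linux/seccomp.h>
#include <stdio.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <unistd.h>

long syscall(long number, ...);  /* glibc's prototype, in case feature macros hide it */

/* Constructed record format: [type][len][payload]. Type 0xFF stands in for a
 * parser bug that makes the process attempt something it never should. */
static int dissect(const unsigned char *p, size_t n, unsigned char r[2]) {
    if (n < 2 || (size_t)p[1] != n - 2) return 1;          /* malformed */
    if (p[0] == 0xFF) { int fd = open("/etc/hostname", O_RDONLY); (void)fd; }
    r[0] = p[0]; r[1] = p[1];
    return 0;
}

/* 0 = parsed (r filled), -1 = rejected, -2 = seccomp unavailable,
 * -3 = child killed by a signal (SIGKILL when seccomp blocks a syscall). */
int dissect_sandboxed(const unsigned char *pkt, size_t n, unsigned char r[2]) {
    int out[2], st;
    if (pipe(out) != 0) return -1;
    pid_t pid = fork();
    if (pid < 0) { close(out[0]); close(out[1]); return -1; }
    if (pid == 0) {                       /* child: pkt arrives via fork's copy */
        unsigned char res[2];
        close(out[0]);
        if (prctl(PR_SET_SECCOMP, SECCOMP_MODE_STRICT) != 0) _exit(2);
        /* Only read, write, exit and sigreturn are allowed from here on. */
        int rc = dissect(pkt, n, res);
        if (rc == 0 && write(out[1], res, 2) != 2) rc = 1;
        syscall(SYS_exit, rc);            /* _exit() uses exit_group: not allowed */
    }
    close(out[1]);
    ssize_t got = read(out[0], r, 2);
    close(out[0]);
    if (waitpid(pid, &st, 0) < 0) return -1;
    if (WIFSIGNALED(st)) return -3;
    if (WEXITSTATUS(st) == 2) return -2;
    return (WEXITSTATUS(st) == 0 && got == 2) ? 0 : -1;
}

int main(void) {
    unsigned char ok[] = {0x01, 0x03, 'a', 'b', 'c'}, evil[] = {0xFF, 0x00}, r[2];
    printf("benign: %d\n", dissect_sandboxed(ok, sizeof ok, r));
    printf("misbehaving: %d\n", dissect_sandboxed(evil, sizeof evil, r));
    return 0;
}
```

Strict mode still permits read and write on every descriptor the child inherited, so a real design would close those before entering the sandbox and would more likely use a seccomp-BPF filter around a long-lived worker process.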

