Wireshark · Ethereal-dev: Re: [Ethereal-dev] Priv sep in ethereal

["Mark Pizzolato" <ethereal-dev-20030907@xxxxxxxxxxxxxxxxx>]

On Monday, February 07, 2005 at 1:50 PM, Ulf Lamping wrote:
> Stephen Samuel (leave the email alone) wrote:
> You might have a look at the wiki page about that topic:
>
> http://wiki.ethereal.com/Development_2fPrivilegeSeparation
>
> You might add comments about the topic at that page.
>
> Interestingly, I'm started to implement privilege separation of the
> capturing code lately, but this requires some deep redesign of the
> capturing engine code which isn't trivial to do, so don't expect any
> changes on this in the very near future.

You post some interesting ideas for Window, however, they are far more 
complicated than needed (i.e. the model of having a separate process doing 
actual pcap activities and a separate non privilege display process).

Winpcap actually ONLY needs privilege to "load the NPF driver".  When 
winpcap is installed, the NPF driver is configured to load "On Demand", 
which means by the first user of an application which uses winpcap. 
Privilege is needed to perform this load, but any unprivileged application 
can use winpcap after the NPF driver is initially loaded.  .The act of 
loading the NPF driver can be done automatically at system boot time by 
making a simple registry change the details of which described at: 
http://winpcap.polito.it/misc/faq.htm#Q-18

The ethereal windows installer could probably be offer an option to enable 
the starting of NPF at system startup.  This would completely solve 
privilege separation for Windows and avoid the overhead of attempting to do 
these things in a separate process and pass all data to a display process.

- Mark Pizzolato