Wireshark · Ethereal-dev: Re: [Ethereal-dev] Priv sep in ethereal

["Mark Pizzolato" <ethereal-dev-20030907@xxxxxxxxxxxxxxxxx>]

On Tuesday, February 08, 2005 at 12:53 AM, Ulf Lamping wrote:
> Stephen Samuel (leave the email alone) wrote:
>
> > I realize that the code may not be all that big, but when
> > deciding policies, my backup thought is 'what would happen if
> > *everybody* did this?"  Besides, if it adds capabilities for
> > non-priveledged processes, some people might consider this to
> > be a security issue.
>
> That's the important point IMHO.
>
> An administrator might not want users to capture from the network (for
> whatever reason), so it should not enable this feature "accidentially"
> as a default option.

Well, for all currently running Ethereal installations on windows, 
essentially everyone has been "enabling this feature accidentally" the first 
time anyone runs ethereal as an administrator.  Almost no one realized this 
first invocation of ethereal caused the NPF driver to load and to be left 
running.

Ultimately WinPcap should be enhanced to handle device permissioning better.

Meanwhile, if an administrator wants to achieve privilege separation on 
Windows (a very good thing), the best choice is to auto load NPF.  Making 
this choice at install time would seem generally appropriate.

- Mark Pizzolato