Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.
Wireshark logo

Ethereal-dev: Re: Disector categories (Re: [Ethereal-dev] Priv sep in ethereal)

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: "Stephen Samuel (leave the email alone)" <samnospam@xxxxxxxxxxx>
Date: Fri, 18 Feb 2005 02:03:58 -0800
Joerg Mayer wrote:

On Sun, Feb 13, 2005 at 02:47:45PM +0100, Bruno Rohee wrote:



This is a very important point being mentioned here that was discussed at
least once when the whole thread started: For optimal security the
*decoding* process should run
a) with privilege separation as a specific decoding user and
b) chrooted to somewhere, where *no* data can be written.


This would probably work OK with Linux and BSD.  My understanding
of Windows, however is that process switching is rather expensive
which is why it prefers threads (sigh!). I think that the actual
work could be easily done in a way that makes the difference seem
transparent (from a programming point of view, once the threads/
processes have been started).

--
Stephen Samuel +1(604)876-0426             samnospam@xxxxxxxxxxx
		   http://www.bcgreen.com/
   Powerful committed communication. Transformation touching
     the jewel within each person and bringing it to light.
Wireshark logo footer

© Wireshark Foundation · Privacy Policy

Facebook·Mastodon·Twitter·YouTube