Wireshark · Ethereal-dev: [Ethereal-dev] user plugins loaded even if root

Ethereal-dev: [Ethereal-dev] user plugins loaded even if root

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

Date: Sat, 21 Jan 2006 13:40:57 +0100

Plugins in $HOME/.ethereal/plugins get loaded anyway whether they are
owned or not by the user running them.

That means that if ethereal is sudoed ( man sudo(8) ), as I imagine
some linux administrators want ethereal to be runt by users,  the code
in user plugins will be executed. That means that if I write, compile
and install a malicious plugin in my home dir (or any dir pointed by
$HOME) it would execute
with root privileges.

Should we load user plugins  only if owned by the user ethereal is
currently running?

--
This information is top security. When you have read it, destroy yourself.
-- Marshall McLuhan

Follow-Ups:
- Re: [Ethereal-dev] user plugins loaded even if root
  - From: Guy Harris

Prev by Date: [Ethereal-dev] Help with extending RSVP dissector
Next by Date: [Ethereal-dev] Re: Ethereal WebSphere MQ dissection on segmented message
Previous by thread: Re: [Ethereal-dev] Help with extending RSVP dissector
Next by thread: Re: [Ethereal-dev] user plugins loaded even if root
Index(es):
- Date
- Thread