Wireshark · Ethereal-dev: [Ethereal-dev] Re: Ethereal-dev] user plugins loaded even if root

Ethereal-dev: [Ethereal-dev] Re: Ethereal-dev] user plugins loaded even if root

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: "John McDermott" <jjm@xxxxxxxxxx>

Date: Sun, 22 Jan 2006 11:17:11 -0700

Mighe we, as an interim effort, check to see if we are running setuid orsetgid and if so, pop up a warning box before loading plugins from an"untrusted" location? The warning box could allow or disallow loading suchplugiins. This is not a true solution, but might help until we decide whatto do (or get the capture factored out).


--john

A number of UN*Xes have an "issetugid()" call; if it's present, we could
use that.
If it's not present, if the OS has geteuid() and getegid(), we should
call both of those before relinquishing set-UID and set-GID privileges
(which we'd have to do anyway, in order to reclaim those privileges),
and compare the results against the results of getuid() and getgid()
and, if they don't match, set a global flag, and have "issetugid()"
return the value of that flag.




--
John McDermott, CCP
Writer, Educator, Consultant
jjm@xxxxxxxxxx        www.jkintl.com
V: +1 505/377-6293  F: +1 505/377-6313

Prev by Date: Re: [Ethereal-dev] Net-SNMP 5.3 released, update the Win32 packages?
Next by Date: Re: [Ethereal-dev] Net-SNMP 5.3 released, update the Win32 packages?
Previous by thread: Re: [Ethereal-dev] Net-SNMP 5.3 released, update the Win32 packages?
Next by thread: [Ethereal-dev] Build is failing on Windows as it doesn't have round()
Index(es):
- Date
- Thread