Mark Pizzolato schrieb:
On Monday, February 07, 2005 at 1:50 PM, Ulf Lamping wrote:
Stephen Samuel (leave the email alone) wrote:
You might have a look at the wiki page about that topic:
http://wiki.ethereal.com/Development_2fPrivilegeSeparation
You might add comments about the topic at that page.
Interestingly, I'm started to implement privilege separation of the
capturing code lately, but this requires some deep redesign of the
capturing engine code which isn't trivial to do, so don't expect any
changes on this in the very near future.
You post some interesting ideas for Window, however, they are far more
complicated than needed (i.e. the model of having a separate process
doing actual pcap activities and a separate non privilege display process).
Winpcap actually ONLY needs privilege to "load the NPF driver". When
winpcap is installed, the NPF driver is configured to load "On Demand",
which means by the first user of an application which uses winpcap.
Privilege is needed to perform this load, but any unprivileged
application can use winpcap after the NPF driver is initially loaded.
.The act of loading the NPF driver can be done automatically at system
boot time by making a simple registry change the details of which
described at: http://winpcap.polito.it/misc/faq.htm#Q-18
The ethereal windows installer could probably be offer an option to
enable the starting of NPF at system startup. This would completely
solve privilege separation for Windows and avoid the overhead of
attempting to do these things in a separate process and pass all data to
a display process.
Perhaps I should have read the winpcap's faq, before diving into the API
desciption of Winpcap. :) Now I have what I want. I'll see what I can do
to add it to the installer.
Regards,
Lars