Ethereal-dev: Re: Disector categories (Re: [Ethereal-dev] Priv sep in ethereal)

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Stephen Samuel <samuel@xxxxxxxxxxx>
Date: Sat, 12 Feb 2005 18:23:10 -0800
ronnie sahlberg wrote:
dont run a application as root.
this is not specific to ethereal, it applies to all software DONT run
apps as root!

Unfortunately, ethereal needs raw device support to get the


if you log in as root   it is game over already   ethereal or no ethereal.
....
ethereal developers do their best to avoid bugs.  unfortunately bugs
do creap into the code.thats life.

Bugs are part of life -- Working to minimize the bugs that do
creep in (both in terms of count and severity) is part of good
development.

As for BSD, they made a decision that ethereal was not compatible with
their goals,   good for them   thats their decision.

Well, it's not *currently* compatible with their security goals.
I'm thinking that, if we can find a way to get the two compatible
again, it's likely to be good for both camps.  I'm going on the
presumption that the BSD people have some (hopefully good) ideas
about how to make ethereal releases more secure to the point
where they won't be squeamish about including it in their ports
collection again.

Being more secure is rarely a bad thing (unless this also implies
blatant unusability)

--
Stephen Samuel +1(604)876-0426                samuel@xxxxxxxxxxx
		   http://www.bcgreen.com/~samuel/
   Powerful committed communication. Transformation touching
     the jewel within each person and bringing it to light.