Ulf Lamping wrote:
> The most important part: we no longer use two different task models for
> capturing. Even the ring buffer modes will work with two tasks now.

Note that these changes could, I suspect, allow a process to rename a
capture file in between the point at which the capturing child process
creates it and the point at which the parent opens it after being given
the pathname by the child. This might not be possible on Windows, as it
doesn't allow renames of open files, but it *is* possible on UN*X, and
runs the risk that the parent could be tricked into reading a file it's
not supposed to read.

This might not be an easy exploit - but, a long time ago, the reason why
Ethereal was changed to pass a file descriptor for the open file to the
capturing child process was that the OpenBSD folk considered this a hole
and "fixed" it in the version in the OpenBSD ports database in such a
way that broke it.

On many UN*Xes, the capture child could pass to the parent a file
descriptor for the file it opened. However, as far as I know, not *all*
UN*Xes support this, and the way it's done isn't the same on all UN*Xes
(on UN*Xes where pipes are implemented as UNIX-domain sockets, you'd use
the mechanism in UNIX-domain sockets to pass file descriptors; on UN*Xes
where they're implemented as STREAMS connections and you can pass
descriptors over STREAMS connections, you'd use that mechanism; on other
UN*Xes, you might not be able to do it).
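
The UNIX-domain-socket mechanism mentioned above, as an added example that is not code from Ethereal or from this thread: a descriptor sent as `SCM_RIGHTS` ancillary data still refers to the file that was created, even when the pathname is renamed before the receiver reads the message. The names `ctlbuf`, `send_fd`, `recv_fd`, `fd_survives_rename` and the `/tmp/cap...` paths are constructed for illustration, and both socket ends sit in one process here rather than in a capture child and its parent.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/stat.h>
#include <unistd.h>
/* Control buffer for one descriptor, aligned for struct cmsghdr. */
typedef union { char buf[CMSG_SPACE(sizeof(int))]; struct cmsghdr align; } ctlbuf;
/* Pass fd across UNIX-domain socket sock as SCM_RIGHTS ancillary data. */
static int send_fd(int sock, int fd) {
    char byte = 'F';                    /* at least one data byte must accompany it */
    ctlbuf ctl = { { 0 } };
    struct iovec iov = { &byte, 1 };
    struct msghdr msg = { .msg_iov = &iov, .msg_iovlen = 1,
                          .msg_control = ctl.buf, .msg_controllen = sizeof ctl.buf };
    struct cmsghdr *c = CMSG_FIRSTHDR(&msg);
    c->cmsg_level = SOL_SOCKET; c->cmsg_type = SCM_RIGHTS;
    c->cmsg_len = CMSG_LEN(sizeof(int));
    memcpy(CMSG_DATA(c), &fd, sizeof(int));
    return sendmsg(sock, &msg, 0) == 1 ? 0 : -1;
}

/* Receive one descriptor; returns it, or -1 if none arrived. */
static int recv_fd(int sock) {
    char byte;
    ctlbuf ctl;
    struct iovec iov = { &byte, 1 };
    struct msghdr msg = { .msg_iov = &iov, .msg_iovlen = 1,
                          .msg_control = ctl.buf, .msg_controllen = sizeof ctl.buf };
    int fd = -1;
    if (recvmsg(sock, &msg, 0) != 1) return -1;
    struct cmsghdr *c = CMSG_FIRSTHDR(&msg);
    if (!c || c->cmsg_level != SOL_SOCKET || c->cmsg_type != SCM_RIGHTS) return -1;
    memcpy(&fd, CMSG_DATA(c), sizeof(int));
    return fd;
}

/* 1 if the received descriptor is the file created, despite a rename in between. */
int fd_survives_rename(void) {
    char path[] = "/tmp/capXXXXXX", moved[64];   /* constructed sample paths */
    int sv[2] = { -1, -1 }, fd = mkstemp(path), got = -1, ok;
    struct stat a, b;
    snprintf(moved, sizeof moved, "%s.moved", path);
    ok = fd >= 0 && socketpair(AF_UNIX, SOCK_STREAM, 0, sv) == 0
      && send_fd(sv[0], fd) == 0 && rename(path, moved) == 0  /* rename in the window */
      && (got = recv_fd(sv[1])) >= 0 && fstat(fd, &a) == 0 && fstat(got, &b) == 0
      && a.st_dev == b.st_dev && a.st_ino == b.st_ino;
    unlink(path); unlink(moved); close(fd); close(got); close(sv[0]); close(sv[1]);
    return ok;
}
```

The receiver never resolves a pathname, so there is nothing for another process to swap between creation and open; comparing `st_dev` and `st_ino` from `fstat()` is how the two descriptors are shown to name the same file.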