Ethereal-dev: Re: [Ethereal-dev] Preparing for 1.0

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

Date Index Thread Index Other Months All Mailing Lists
Date Prev Date Next Thread Prev Thread Next
From: Gerald Combs <gerald@xxxxxxxxxxxx>
Date: Mon, 06 Mar 2006 13:31:16 -0600
Michael Tuexen wrote:
> Just a question regarding the last point:
>>> Designate a set of dissectors as "known safe"?
> 
> What are the requirements for such dissectors and what are the
> consequences?

I don't know that the requirements were ever settled on.  It was
suggested a while back that dissectors be categorized for security to
benefit users and to encourage developers to write more secure code:

  http://www.ethereal.com/lists/ethereal-dev/200502/msg00195.html

There are several ways to categorize dissectors, such as formal audits,
past performance, or automated test scores.  The consequences are that
Ethereal might ship with fewer features out of the box, requiring the
user to enable those features automatically.