Re: [Ethereal-users] Mandrake 7.2 and Ethereal User Privliges

[Guy Harris <gharris@xxxxxxxxxxxx>]

On Tue, Nov 07, 2000 at 02:26:53PM -0800, Palmer C Byrne wrote:
> Being on a 
> cable modem isp, there are all sorts of weird traffic on the net that I 
> like to watch

Just out of curiosity, does the previous statement translate to "this is
running on my home machine, so I'll be the only one using it (assuming
nobody breaks into my machine)"?

If so, then (unless somebody breaks into your machine) the security
issues raised here, of letting other people run a sniffer program on
your machine, or of Ethereal possibly having security holes if made
set-UID, might not be relevant.

(You might still want to be nervous about people breaking into your
machine, but that's probably true even if you *don't* make Ethereal
set-UID root.)

> but don't want to be logged in as root all of the time.

I'm not logged in as root all the time on my home machine, either; I
just do an "su" to run Ethereal.  Perhaps not as convenient as a set-UID
Ethereal - or as convenient as making my machine's "bpf" devices
publicly readable and writable (a technique that works on BSD - and a
similar technique works on Solaris - but, as Linux uses sockets rather
than devices for packet capture, that technique won't work, and you'd
need to set the CAP_NET_RAW capability, as per my mail) - but "su" might
not be too inconvenient.