previously on this list Stuart Henderson contributed: > > If a port is considered dangerous like wireshark was it > > is removed to avoid encouraging it but users can still build it of > > course. > > There's a problem with *not* having it in ports too, if people do compile > it for themselves, considering how long the damn thing takes to build it's > highly likely that they won't update it as often as if there were packages... > > And it's less bad now than it used to be - they don't do proper privilege > separation like OpenBSD's tcpdump does, but at least it's now just the > network capture part that runs as root, the packet dissectors now run as > a normal uid.
I thought it was the sheer number of parsing bugs, wouldn't dumpcap suid have sorted that or have they built it in more finely and did doing that just bring other insecurities? I agree I could have chosen much better examples but I was trying to point out that even ports have some security consideration, randomised tcp and dns preventing mitm way before linux would have been better examples or even things like ping being different under the hood. -- _______________________________________________________________________ 'Write programs that do one thing and do it well. Write programs to work together. Write programs to handle text streams, because that is a universal interface' (Doug McIlroy) In Other Words - Don't design like polkit or systemd _______________________________________________________________________ I have no idea why RTFM is used so aggressively on LINUX mailing lists because whilst 'apropos' is traditionally the most powerful command on Unix-like systems it's 'modern' replacement 'apropos' on Linux is a tool to help psychopaths learn to control their anger. (Kevin Chadwick) _______________________________________________________________________