From kde-devel Fri Nov 04 22:22:49 2005 From: Giovanni Venturi Date: Fri, 04 Nov 2005 22:22:49 +0000 To: kde-devel Subject: KSniffer and the "sniff" suid Message-Id: <200511042322.49512.gventuri73 () tiscali ! it> X-MARC-Message: https://marc.info/?l=kde-devel&m=113114252227368 MIME-Version: 1 Content-Type: multipart/mixed; boundary="--===============1616910597==" --===============1616910597== Content-Type: multipart/signed; boundary="nextPart1151040.GjV2S5ubYz"; protocol="application/pgp-signature"; micalg=pgp-sha1 Content-Transfer-Encoding: 7bit --nextPart1151040.GjV2S5ubYz Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Content-Disposition: inline Hello, I'm the KSniffer author (trunk/playground/network/ksniffer). I released=20 KSniffer 0.1.1 at the end of July. In that release to sniff packets from=20 network interface I used kdesu to give the GUI the root privileges because = I=20 used sniffing directly from the GUI by QThread with libpcap. Now in the version in trunk (I hope to release 0.2 for Christmas) I don't n= eed=20 kdesu anymore because I wrote "sniff" application that uses suid privileges= =20 to be executed as root by any user. This application simply read an XML fil= e=20 produced by the GUI and than start sniffing packets writing them into a fil= e.=20 The GUI read this file and so display the packets in a KListView in the Mai= n=20 View. Can someone take a look at the code? Is it a good solution? I removed= =20 the kdesu use because of a GUI bad "look and feel" style... Configuring=20 KSniffer "look and feel" was hard because I needed to modify root "look and= =20 feel", so to simplify this I hope no security issue introduced with this ne= w=20 KSniffer version. I know Waldo Bastian and some other of you follow the KDE= =20 security bugs. I know this is not Konqueror or KDM and it's just an=20 application in playground but I hope someone can suggest me, give hints or= =20 take a look at the code. I know that in case a bad formed packets arrive to the network interface th= e=20 application crash (at least GUI) because I don't check yet if a packet is=20 corrupted or not, but in next weeks this has to be done to avoid security=20 problem and crashes. I know network packets hardly is corrupted but this=20 feature is important. Some developers asked me to remove kdesu so after some problem I found the= =20 "right" way. Any idea? Thank you, Giovanni =2D-=20 A KDE Italian translator and KSniffer core developer Slackware GNU/Linux current version - kernel 2.6.14 --nextPart1151040.GjV2S5ubYz Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.7 (GNU/Linux) iD8DBQBDa985nT2ev4/bQKARAhz0AJwOjhUSCA/g1KkAtJxInJUrHYGwSQCfT9UE VBjynCI+gHxy0ePslTUhOwc= =Gc2a -----END PGP SIGNATURE----- --nextPart1151040.GjV2S5ubYz-- --===============1616910597== Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline >> Visit http://mail.kde.org/mailman/listinfo/kde-devel#unsub to unsubscribe << --===============1616910597==--