ksnuffle-2.2-6mdk.i586.rpm

<HTML>
  <HEAD>
    <TITLE>The KSnuffle Manual: Caveats</TITLE>
  </HEAD>
  <BODY TEXT="#000000" BGCOLOR="#FFFFFF" LINK="#AA0000">
    <FONT FACE="Helvetica">
    <A HREF="http://www.kde.org/"><IMG SRC="logotp3.gif" ALT="The K Desktop Environment" BORDER=0 ></A>
    <BR>
    <HR noshade>
    <DIV ALIGN=right>
      <A HREF="index-8.html">Next</A>
      <A HREF="index-6.html">Previous</A>
      <A HREF="index.html#toc7">Table of Contents</A>
    </DIV>
    <BR>&nbsp;
    <H3>
      7. Caveats
    </H3>
    <H3>
      <A NAME="sec7.1"></A>7.1 Implementation Caveats
    </H3>
    <P>
      Please note the following points.
      <UL>
        <LI>
	  KSnuffle is based on <I>libpcap-0.4</I>, as used in, for example,
	  the <I>tcpdump</I> utility. Since I only have access to Linux
	  machines, I only have <I>libpcap</I> for Linux. If you wish to run
	  KSnuffle on a system other than Linux, you will need to get hold
	  of a suitable version of <I>libpcap</I> and rebuild the program.
	</LI>
	<LI>
	  KSnuffle bypasses the defined <I>libpcap</I> API. Specifically,
	  it may construct multiple filter programs for a single packet
	  capture instance, and applies these directly to captured packets;
	  the <I>libpcap</I> packet capture loop actually runs with a null
	  filter program which accepts all packets. So far as I can tell,
	  this works correctly for Linux, but I cannot test other systems.
	</LI>
	<LI>
	  Since I only have access to x86 machines, I cannot test KSnuffle
	  on big-endian machines.
	</LI>
	<LI>
	  Some of the KSnuffle code is Linux-dependent (e.g., it uses
	  <I>/proc/net/arp</I> to obtain mappings between MAC and IP
	  addresses). Your mileage may vary under other Unixes.
	</LI>
	<LI>
	  The protocol decoding in this version assumes that it is
	  handling correct packets. Hence, it would be possible to crash
	  KSnuffle by sending it, for instance, a suitably crafted
	  DNS datagram. However, so far as I am aware, it is not
	  susceptible to buffer overflow attacks.
	</LI>
      </UL>
    </P>
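    <P>
      The last caveat above concerns decoders that trust the packet. The
      following is an added example, not KSnuffle's own code: a DNS name
      decoder that checks every length byte and compression pointer against
      the datagram and output sizes. The names <I>dns_name_decode</I> and
      <I>DNS_MAX_JUMPS</I> and the limit of 16 pointer jumps are assumptions
      made for illustration.
    </P>

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define DNS_MAX_JUMPS 16   /* hypothetical cap on compression pointers followed */

/* Hypothetical helper: decode the DNS name at msg[off] into out (dotted, NUL-
 * terminated). Returns the bytes the name occupies at off, or -1 if malformed. */
int dns_name_decode(const uint8_t *msg, size_t msg_len, size_t off,
                    char *out, size_t out_len)
{
    size_t pos = off, used = 0;
    int consumed = -1, jumps = 0;

    if (out_len == 0) return -1;
    for (;;) {
        if (pos >= msg_len) return -1;          /* ran off the end of the datagram */
        uint8_t len = msg[pos];
        if ((len & 0xC0) == 0xC0) {             /* 2-byte compression pointer */
            if (pos + 1 >= msg_len || ++jumps > DNS_MAX_JUMPS)
                return -1;                      /* truncated pointer or pointer loop */
            if (consumed < 0) consumed = (int)(pos + 2 - off);
            pos = ((size_t)(len & 0x3F) << 8) | msg[pos + 1];
            continue;
        }
        if (len & 0xC0) return -1;              /* reserved label types 01 and 10 */
        if (len == 0) {                         /* root label: end of name */
            if (consumed < 0) consumed = (int)(pos + 1 - off);
            out[used] = '\0';
            return consumed;
        }
        if (len > msg_len - pos - 1) return -1; /* label extends past the datagram */
        if (used + len + 2 > out_len) return -1;/* no room for dot, label and NUL */
        if (used) out[used++] = '.';
        memcpy(out + used, msg + pos + 1, len);
        used += len;
        pos += (size_t)len + 1;
    }
}

int main(void)
{
    /* Constructed sample: a label whose length byte (9) overruns the datagram. */
    const uint8_t bad[] = { 9, 'a', 'b', 'c' };
    char name[256];
    printf("%d\n", dns_name_decode(bad, sizeof bad, 0, name, sizeof name));
    return 0;
}
```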
    <H3>
      <A NAME="sec7.2"></A>7.2 Setuid and Root Execution
    </H3>
    <P>
      If KSnuffle is installed normally, it will execute as whoever
      invokes it. If the user is not root, then it will not be able to
      access network interfaces. Under these circumstances, only log file
      replay and remote sniffing are permitted.
    </P>
    <P>
      If KSnuffle is set to be setuid-root, then selected non-root
      users will be able to use the program; when KSnuffle is run
      by root, then the <A HREF="index-4.11.html">User Setup</A> page can
      be used to control this.
    </P>
    <P>
      As of KDE 2.1 (at least, as of the CVS code from mid-January 2001),
      the KDE libraries will detect programs that appear to be running
      setuid-root, and will terminate them. KSnuffle contains code
      to work around this restriction. However, the author accepts no
      responsibility for any consequences of running KSnuffle in this
      way.
    </P>
    <P>
      If you do wish to use KSnuffle to sniff local network interfaces, but
      are not prepared either to (a) make KSnuffle setuid-root or (b)
      run it as root, then equivalent functionality can be provided
      by installing the remote sniffer daemon
      <A HREF="index-2.html#ss2.5">rsnuffle</A>. However, under such
      circumstances, do not sniff the loopback device!
    </P>
    <P>
      <A HREF="index-8.html">Next</A>
      <A HREF="index-6.html">Previous</A>
      <A HREF="index.html#toc6">Table of Contents</A>
    </P>
    <P>
      <HR size="3" noshade>
    </P>
  </BODY>
</HTML>