Wireshark mailing list archives

Windows: use low integrity level to restrict privileges?


From: Julien T <julien.t43 () gmail com>
Date: Fri, 25 Jul 2014 21:40:11 -0400

Hello,

First, thanks a lot for the great work on this fantastic tool that is
Wireshark.
It's really an essential tool for network analysis.

As I'm back to using Windows more, I checked about privileges/sandboxing and
I ask myself why not use a low integrity level (like browsers do).
Of course, it doesn't work for capturing (which I hardly ever do in the GUI) and it
restricts the accessible directories/registry keys. Still, it could probably avoid
some dissector problems.

A quick test with icacls [1] got me running fine at low integrity level,
checking just a few options. One extra point: it requires an NTFS partition, so
it's no good for PortableWireshark on a VFAT USB stick.
Ideally a two (or three) process separation would be done to handle the user
GUI / dissectors & misc / admin capture, and would be integrated in the
executable.

I checked the roadmap [2]: Privilege Separation for Unix and Windows is
mentioned, but I'm unsure whether it was fully implemented for 1.0 or is still
work in progress (the 3-process separation as said previously).

Also, I was trying to find a security page dedicated to known vulnerabilities
and past code audits but didn't find one (outside of the wiki or dev pages [3]).
Is there anything like that?

Thanks a lot
Cheers,

J

[1] http://msdn.microsoft.com/en-us/library/bb625960.aspx
[2] http://wiki.wireshark.org/Development/Roadmap
http://wiki.wireshark.org/Development/PrivilegeSeparation
[3] http://wiki.wireshark.org/Security
http://wiki.wireshark.org/Development/Security
___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe
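The icacls approach the mail describes, written out as an added example (this is not code from the original message or from the Wireshark project). It labels Wireshark.exe Low so that a Medium-integrity launcher such as Explorer starts it as a Low process, checks that the volume is NTFS (the PortableWireshark-on-VFAT limitation), gives the Low process a writable configuration directory under AppData\LocalLow, and proves the mechanism with a relabelled copy of cmd.exe. The install path, the configuration directory and the use of Wireshark's -P persconf: override are assumptions; adjust them for your installation and check `wireshark -h` for the option on your version.

```powershell
# Added example, not from the original mail or the Wireshark project.
# Relabels Wireshark.exe so it starts at Low integrity level, the way the
# message describes with icacls, and checks the result. $WiresharkDir is an
# assumed install path; run from an elevated prompt if the files belong to
# TrustedInstaller (the default under Program Files), or point it at a copy you own.
$ErrorActionPreference = 'Stop'

$WiresharkDir = 'C:\Program Files\Wireshark'                 # assumption
$Exe          = Join-Path $WiresharkDir 'Wireshark.exe'
# %USERPROFILE%\AppData\LocalLow is the profile location a Low IL process can
# write to, so the personal configuration goes there instead of %APPDATA%\Wireshark.
$LowConfig    = Join-Path $env:USERPROFILE 'AppData\LocalLow\Wireshark'  # assumption

# 1. Mandatory labels are stored in the NTFS SACL: a FAT/VFAT volume cannot hold
#    them, which is the PortableWireshark-on-USB limitation the mail points out.
$volume = [System.IO.DriveInfo]::new((Split-Path -Qualifier $Exe) + '\')
if ($volume.DriveFormat -ne 'NTFS') {
    throw "$($volume.Name) is $($volume.DriveFormat); integrity labels need NTFS"
}

# 2. Label the image file Low. Windows gives a new process the lower of the
#    parent's integrity level and the image file's label, so launching this
#    file from Explorer or cmd (Medium) yields a Low process.
icacls $Exe /setintegritylevel Low | Out-Null

# 3. Confirm the label: icacls prints the mandatory label ACE when one is set.
$label = (icacls $Exe) -match 'Mandatory Level'
if (-not ($label -match 'Low Mandatory Level')) { throw "label not applied to $Exe" }
Write-Host "Label on Wireshark.exe: $label"

# 4. Give the Low process somewhere to write preferences and recent files.
#    (OI)(CI) makes new files and subfolders inherit the Low label.
New-Item -ItemType Directory -Force -Path $LowConfig | Out-Null
icacls $LowConfig /setintegritylevel '(OI)(CI)Low' | Out-Null

# 5. Sanity check the mechanism with a copy of cmd.exe rather than Wireshark,
#    so the result is visible on the console: whoami /groups lists the
#    process's own integrity label.
$lowCmd = Join-Path $env:TEMP 'lowcmd.exe'
Copy-Item "$env:SystemRoot\System32\cmd.exe" $lowCmd -Force
icacls $lowCmd /setintegritylevel Low | Out-Null
$groups = & $lowCmd /c 'whoami /groups'
if ($groups -match 'Low Mandatory Level') {
    Write-Host 'Labelled image runs at Low integrity: OK'
} else {
    throw 'Labelled image did not run at Low; check the volume and the label'
}
Remove-Item $lowCmd -Force

# 6. Start Wireshark with its personal configuration pointed at the Low
#    directory (-P persconf:<path>; verify the option with `wireshark -h`).
#    Capture will not work at Low IL, which matches the mail: this setup is
#    for opening existing capture files.
Write-Host "Run: & `"$Exe`" -P persconf:$LowConfig <capture-file.pcapng>"

# To undo: icacls "$Exe" /setintegritylevel Medium
```

Step 5 is the part worth keeping even if you do nothing else: if `whoami /groups` from the relabelled cmd.exe does not show "Low Mandatory Level", the label is not taking effect (non-NTFS volume, or the file was not relabelled), and Wireshark started from the same file will not be sandboxed either.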
