wireshark-dev October 2010 archive

Re: [Wireshark-dev] Verification of user when running Wireshark

From: Jaap Keuter <jaap.keuter_at_nospam>
Date: Tue Oct 19 2010 - 05:01:08 GMT
To: Developer support list for Wireshark <wireshark-dev@wireshark.org>

Hi,

Guy is right, the GPL voids this approach. Any Wireshark API call from your dissector makes it applicable, and I can't envision a plugin without one.

You do have proto_mark_private() which limits exposure of your plugin, by blocking Wiki access for your protocol fields. That is as far as it goes.

Thanks,
Jaap

On 19 Oct. 2010, at 01:14, Guy Harris <guy@alum.mit.edu> wrote:

>
> On Oct 18, 2010, at 3:02 PM, Alex Lindberg wrote:
>
>> I am creating a number of dissectors and my company has concerns regarding the security of Wireshark/Tshark if these proprietary dissectors escape into the wild.
>>
>> Has anyone created a user authentication plugin for Wireshark/Tshark
>
> No, because, for a given program or library, you can only create a plugin for operations where there are plugin hooks in the program or library, and Wireshark and TShark don't even have the notion of user authentication, much less a mechanism by which user authentication plugins can be added. The types of plugins that Wireshark and TShark support are:
>
> 1) dissectors;
>
> 2) tap listeners;
>
> 3) capture file format readers;
>
> 4) codecs.
>
>> that would require the user to have a certificate installed from a specific trusted authority? The certificate should also be based on an interface of the computer running Wireshark.
>
> If your proprietary dissectors are plugins that work with a standard distribution of Wireshark, a DRM mechanism for Wireshark/TShark itself wouldn't help - somebody could just plug the dissectors into a standard version of Wireshark, lacking that DRM mechanism, that they'd downloaded. The *dissector plugins* would have to check for the certificate.
>
> If your proprietary dissectors are built into a special version of Wireshark, you're already dealing with a modified version of the Wireshark source tree, so you could modify your version of Wireshark to do the certificate check.
>
> Note, of course, that, as per the GNU Public License, Version 2, if you distribute an executable version of Wireshark to somebody, including a version built from source that you've modified (see section 2 of the GPLv3), you must do one of the following (see section 3 of the GPLv2):
>
> a) Accompany it with the complete corresponding machine-readable
> source code, which must be distributed under the terms of Sections
> 1 and 2 above on a medium customarily used for software interchange; or,
>
> b) Accompany it with a written offer, valid for at least three
> years, to give any third party, for a charge no more than your
> cost of physically performing source distribution, a complete
> machine-readable copy of the corresponding source code, to be
> distributed under the terms of Sections 1 and 2 above on a medium
> customarily used for software interchange; or,
>
> c) Accompany it with the information you received as to the offer
> to distribute corresponding source code. (This alternative is
> allowed only for noncommercial distribution and only if you
> received the program in object code or executable form with such
> an offer, in accord with Subsection b above.)
>
> which means that, if you've given them a binary version of Wireshark that includes your proprietary dissectors and the DRM code to prevent people without the certificate from running that version, you must provide the source code that was used to build that version, including your proprietary dissectors and the DRM code to prevent people without the certificate from running that version.
>
> Once they have that source code, they may, then, remove the DRM code and build their own version (see section 6 of the GPLv2), and I think they may even redistribute that version in source and binary form (at least as I read section 6 of the GPLv2).
>
> I am not certain what the rules are about plugins, but, at least at one point on one of the Wireshark mailing lists, somebody claimed that a plugin for Wireshark must itself be licensed under the GPLv2; I'm not certain which part of the GPLv2 would require that. Section 2 does say
>
> These requirements apply to the modified work as a whole. If
> identifiable sections of that work are not derived from the Program,
> and can be reasonably considered independent and separate works in
> themselves, then this License, and its terms, do not apply to those
> sections when you distribute them as separate works. But when you
> distribute the same sections as part of a whole which is a work based
> on the Program, the distribution of the whole must be on the terms of
> this License, whose permissions for other licensees extend to the
> entire whole, and thus to each and every part regardless of who wrote it.
>
> but I don't know whether a plugin for Wireshark, not based on *ANY* GPLed dissector code for Wireshark (if it were based on any existing GPLed code, it would itself be GPLed), could be considered an "identifiable [section] of that work ... not derived from the Program".
> ___________________________________________________________________________
> Sent via: Wireshark-dev mailing list <wireshark-dev@wireshark.org>
> Archives: http://www.wireshark.org/lists/wireshark-dev
> Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
> mailto:wireshark-dev-request@wireshark.org?subject=unsubscribe