imsnif/bandwhich

Separate network sniffer to different process to reduce sudo exposure

Open

#76 opened on Jan 5, 2020

View on GitHub
 (4 comments) (2 reactions) (0 assignees)Rust (7,686 stars) (237 forks)batch import
enhancementhelp wanted

Description

Right now bandwhich is built from 153 packages (from the cargo install count). That's a really large attack surface for an app that's going to run under sudo. Could the app be split into two processes? one of which runs as the user and handles the display, the other (with a smaller number of dependencies) as root to access just the network traffic and pass it to the user process.

I'd really like to be able to run the process as me. Then that process tries to sudo the network grabbing process with the required password if sudo requires it.

Contributor guide

Tech stack
rust
Domain
clisecurity
Issue type
feature
DifficultyEstimated implementation difficulty for a new contributor, from 1 for very small changes to 5 for expert-level work.
4
Estimated timeA rough time range for an experienced contributor to investigate, implement, test, and prepare a pull request.
over 1 week
Activity statusHow available the issue appears right now: fresh, active, stale, blocked, or waiting on maintainer input.
stale
ClarityHow clearly the issue explains the expected change, acceptance criteria, and next step.
needs investigation
Prerequisites
RustLinux system programmingIPC concepts
Newbie friendlinessA 1-100 score estimating how approachable this issue is for first-time contributors.
15
Research direction
Examine the current architecture in src/ to understand how network sniffing and display are integrated. Look for existing socket based IPC or process forking mechanisms. The comments may discuss alternative approaches, such as using a daemon process. Investigate using Unix domain sockets to pass data from a privileged sniffer process to an unprivileged display process, minimizing sudo exposure.