imsnif/bandwhich

Separate network sniffer to different process to reduce sudo exposure

Open

#76 创建于 2020年1月5日

在 GitHub 查看
 (4 评论) (2 反应) (0 负责人)Rust (237 fork)batch import
enhancementhelp wanted

仓库指标

Star
 (7,686 star)
PR 合并指标
 (30 天内没有已合并 PR)

描述

Right now bandwhich is built from 153 packages (from the cargo install count). That's a really large attack surface for an app that's going to run under sudo. Could the app be split into two processes? one of which runs as the user and handles the display, the other (with a smaller number of dependencies) as root to access just the network traffic and pass it to the user process.

I'd really like to be able to run the process as me. Then that process tries to sudo the network grabbing process with the required password if sudo requires it.

贡献者指南