Your message dated Tue, 9 Oct 2018 11:41:10 +0200
with message-id <[email protected]>
and subject line Re: Bug#910117: Etherape would benefit from Linux Capabilities
has caused the Debian Bug report #910117,
regarding Etherape would benefit from Linux Capabilities
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
910117: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=910117
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: etherape
Version: 0.9.13-1+b1
Severity: wishlist
Command etherape cannot work out of the box for unprivileged users.
There is an etherape-root.desktop menu entry that runs:
Exec=su-to-root -X -c /usr/bin/etherape
However I do not like running X11 applications as root and I'd very much do
without using the superuser's (or even my user's) password as much as
possible.
I noticed that assigning the NET_RAW capabilities to the
/usr/bin/etherape executable makes it work for underprivileged users:
# setcap CAP_NET_RAW=pe /usr/bin/etherape
I would like very much to see this setting become the default on Debian
installations.
Installed etherape on an amd64 machine. OS is actually Devuan 2.0 Ascii,
which pulls the etherape package straight from Debian.
Running a custom 4.9.125 kernel.
--
Alessandro Selli <[email protected]>
VOIP SIP: [email protected]
Chiave firma e cifratura PGP/GPG signing and encoding key:
BA651E4050DDFC31E17384BABCE7BD1A1B0DF2AE
signature.asc
Description: OpenPGP digital signature
--- End Message ---
--- Begin Message ---
tag #910117 + wontfix
thanks
Am 04.10.2018 um 09:43 schrieb Laurent Bigonville:
> On Wed, 3 Oct 2018 01:01:32 +0200 Alessandro Selli
> <[email protected]> wrote:
> >
> > Command etherape cannot work out of the box for unprivileged users.
> >
> > There is an etherape-root.desktop menu entry that runs:
> >
> > Exec=su-to-root -X -c /usr/bin/etherape
> >
> > However I do not like running X11 applications as root and I'd very
> much do
> > without using the superuser's (or even my user's) password as much as
> > possible.
> >
> > I noticed that assigning the NET_RAW capabilities to the
> > /usr/bin/etherape executable makes it work for underprivileged users:
> >
> > # setcap CAP_NET_RAW=pe /usr/bin/etherape
> >
> > I would like very much to see this setting become the default on Debian
> > installations.
>
> My 2¢ here, but su-to-root requires the user to enter the root
> password of the machine.
>
> Adding the capability to the file, will allow any user to run etherape
> and get information about the network traffic.
>
> Isn't that a bigger security issue to allow this by default?
Hi,
yes it is and that would be a blocking bug.
Users should do it on their own, if they think this is correct in their
scenario. Else etherape would be a trojan sniffer
--
/*
Mit freundlichem Gruß / With kind regards,
Patrick Matthäi
GNU/Linux Debian Developer
Blog: http://www.linux-dev.org/
E-Mail: [email protected]
[email protected]
*/
--- End Message ---
