Hi Alf, Em dom, 19 de mar de 2017 às 13:06, Alf <[email protected]> escreveu: > > Package: linssid > Version: 2.9-3 > Severity: important > Tags: security > > Dear Maintainer, > > Just installing linssid in Stretch results in beeing unfunctional. > The installer creates an entry in the Applications-Menu which just is > unable to start linssid. > > A (dirty) workaround is to start the application comletely as root from > the command line. However this is a unnecessary security risk as the > whole graphical stuff does not need the root privileges, it is just the > command "iw wlan0 scan" to contol the wifi-device. Running it this way > also spams the home directory of root with its configuration settings > and logging. > > To demonstrate how it should work, and as version 2.7-1 under Jessie > does, I downloaded the original package linssid_2.9-1_amd64.deb from > SourceForge, installed the necessary dependencies (libboost-regex1.58 > and libicu55) from Debian-snapshots and it works as expected. At start > it requests the root-PW once (popup window) and runs > "sudo iw wlan0 scan" to scan the device. > > Of course this requires the user starting linssid, to be member of group > "sudo" and to modify /etc/sudoers to ask the root-PW, i.e like this: > Defaults env_reset, targetpw, timestamp_timeout=0
Thanks for your message. I just uploaded linssid 3.6 that uses policykit to gain root permission. So, the execution from menu is fixed. However, the rights over iw command only is not solved by this new scenary. But I think this is the best solution because sudo is a bit insecure IMHO (I am a specialist in computer forensics and sudo forgets/keeps the root password in RAM after execute the binary). Can I close this bug? Regards, Eriberto

