Control: tags -1 confirmed Hi,
Gunnar Wolf <[email protected]> ezt írta (időpont: 2025. okt. 14., K, 20:16): > > Package: stratoshark > Version: 0.9.3-1 > Severity: normal > > I am a first-time strato user, trying to evaluate it. I tried to run it as > a nonprivileged user, and got the following: > > $ strato > ** (falcodump:553486) 12:13:15.657393 [falcodump WARNING] > ./extcap/falcodump.cpp:967 -- main(): Unable to open kmod: error opening > device /dev/scap0. Make sure you have root credentials and that the scap > module is loaded: No such file or directory > > However, if I try to run it as root, the first thing I see is: > > # strato > Running as user "root" and group "root". This could be dangerous. > > This is quite confusing. Please try to lead to a situation where the user > is not scolded whatever they do 😉 This is confusing indeed and there is no really good easy solution. Upstream's packages run falcodump/dumpcalls as setuid root binaries and I proposed following that scheme on debian-devel [1], but it was pointed out that using PolicyKit for privilege escalation would be the ideal and that's not implemented yet. For testing it may be a good compromise to make falcodump setuid locally and clear the setuid bit when the testing is finished. Cheers, Balint [1] https://lists.debian.org/debian-devel/2025/10/msg00052.html
