severity 453292 wishlist thanks Ferenc Wagner wrote:
> root) the program can write into it. Maybe it's by design, but it took > me quite some time to find the capset() call in the strace, which I can > at least blame for this behaviour. Or maybe I'm wrong. It drops everything but capture capability, this is a hard call but given the successive security problems with wireshark I believe it is safer not to allow anything else. Perhaps it would be nice to add a --dont-drop-capabilities flag; I won't make it this week but I'll keep the report open so I don't forget about it. Regards, Frederic -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]