severity 453292 wishlist
thanks
Ferenc Wagner wrote:
> root) the program can write into it. Maybe it's by design, but it took
> me quite some time to find the capset() call in the strace, which I can
> at least blame for this behaviour. Or maybe I'm wrong.
It drops everything but capture capability, this is a hard call but
given the successive security problems with wireshark I believe it
is safer not to allow anything else.
Perhaps it would be nice to add a --dont-drop-capabilities flag; I
won't make it this week but I'll keep the report open so I don't
forget about it.
Regards,
Frederic
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
