On 03/10/18 at 01:34, Alessandro Selli wrote: > On 19/09/18 at 18:47, Alessandro Selli wrote: >> On 19/09/18 at 14:07, m712 wrote: >>> On September 18, 2018 1:31:56 PM GMT+03:00, Alessandro Selli >>> <[email protected]> wrote: >>>> Hello, >>>> >>>> I recently installed etherape 0.9.13-1+b1 and found out it could >>>> not >>>> do anything when run as an unprivileged user: >>>> >>>> >>>> Error opening eth0 : eth0: You don't have permission to capture on that >>>> device (socket: Operation not permitted) - perhaps you need to be root? >>>> >>>> >>>> I could find an "EtherApe (as root)" menu item in my desktop's menu >>>> under System, but it asks for the superuser's password and I don't like >>>> that. >>>> >>>> I then run the following command as root: >>>> >>>> >>>> setcap CAP_NET_RAW=pe /usr/bin/etherape >>>> >>>> >>>> And i can now run etherape as a regular user without entering the >>>> superuser's password or setting the binary SUID root. >>>> >>>> Could this be make a default setting at package installation, or at >>>> least could there be some reference to this setting in the package info >>>> and/or in the command man page? >>> I agree that this should be a package default, not just here but on >>> Debian's side too. Would you like to contact the maintainer or should I? >>> >>> m712 >> For once I'll put aside my laziness and do it myself. ☺ >> >> Thank you anyway. >> >> >> Alessandro > OK, Debian package maintainer Frederic Peters asked me to open a new > bug. It is bug #910117: > > https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=910117 > > > Bye
They threw it out of the window: tag #910117 + wontfix thanks From: Patrick_Matthäi <[email protected]> > Am 04.10.2018 um 09:43 schrieb Laurent Bigonville: >> My 2¢ here, but su-to-root requires the user to enter the root >> password of the machine. >> >> Adding the capability to the file, will allow any user to run etherape >> and get information about the network traffic. >> >> Isn't that a bigger security issue to allow this by default? > Hi, > yes it is and that would be a blocking bug. > Users should do it on their own, if they think this is correct in their > scenario. Else etherape would be a trojan sniffer To me a sniffer is a program that can capture and analyze packets' contents, which in my understanding etherape does not do, as it just represents graphically TCP/IP connections, data that could be displayed with ss or netstat, plus traffic volume information. But maybe it could, and that's the point about not installing it with capabilities set. Oh well, whatever. -- Alessandro Selli <[email protected]> Tel. 3701355486 VOIP SIP: [email protected] Chiave firma e cifratura PGP/GPG signing and encoding key: BA651E4050DDFC31E17384BABCE7BD1A1B0DF2AE
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Dng mailing list [email protected] https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
