On Mon, 17 Dec 2012 09:57:13 +0000 Colin Guthrie <[email protected]> wrote:
> 'Twas brillig, and Olivier Blin at 17/12/12 09:55 did gyre and gimble:
> > wally <[email protected]> writes:
> >
> >> Name        : wireshark                    Relocations: (not relocatable)
> >> Version     : 1.8.4                        Vendor: Mageia.Org
> >> Release     : 2.mga3                       Build Date: Sat Dec 1 17:48:14 2012
> >> Install Date: (not installed)              Build Host: jonund.mageia.org
> >> Group       : Monitoring                   Source RPM: (none)
> >> Size        : 24192404                     License: GPLv2+ and GPLv3
> >> Signature   : (none)
> >> Packager    : wally <wally>
> >> URL         : http://www.wireshark.org
> >> Summary     : Network traffic analyzer
> >> Description :
> >> Wireshark is a network traffic analyzer for Unix-ish operating
> >> systems. It is based on GTK+, a graphical user interface library,
> >> and libpcap, a packet capture and filtering library.
> >>
> >> wally <wally> 1.8.4-2.mga3:
> >> + Revision: 324195
> >> - install dumpcap setuid root as upstream suggests (to allow to
> >>   start wireshark as normal user)
> >> - drop run-as-root hacks
> >
> > Hi,
> >
> > It seems you introduced a security flaw: now all users are able to
> > capture the network traffic.
> >
> > This should be reverted, or restrictions should be added (maybe by
> > making consolekit add acls if possible).
>
> Perhaps make it only work for users in the wheel group?
>

Ah, yes. Didn't think that much. :\

As Colin suggested we could "chgrp wheel /usr/bin/dumpcap && chmod 4750 /usr/bin/dumpcap". Or we could create a wireshark group for it and do the same.
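
A check for the exposure discussed in this thread, as an added example that is not part of the original message or of the Mageia package: it classifies a binary's mode as setuid and runnable by every local user, or setuid and limited to owner and group (the 4750 mode proposed above). The function names `has_perm` and `audit_setuid` are hypothetical, and only the permission bits are inspected, not the owner.

```shell
#!/bin/sh
# Added example (not from the thread): classify a setuid helper by who may run it.
# Only POSIX find -perm tests are used, so no GNU-specific stat is needed.

# has_perm FILE MODE -> success if every bit in octal MODE is set on FILE
has_perm() {
    [ -n "$(find "$1" -prune -perm "-$2" 2>/dev/null)" ]
}

# audit_setuid FILE -> prints one classification word for FILE's mode
audit_setuid() {
    f=$1
    if [ ! -f "$f" ]; then
        echo "missing"
    elif ! has_perm "$f" 4000; then
        echo "not-setuid"
    elif has_perm "$f" 0001; then
        # "other" execute bit set: any local user can run the setuid binary
        echo "setuid-world-exec"
    elif has_perm "$f" 0010; then
        # e.g. 4750: only the owner and members of the file's group
        echo "setuid-group-only"
    else
        echo "setuid-owner-only"
    fi
    return 0
}

# When invoked with paths, report each one, e.g.: sh audit.sh /usr/bin/dumpcap
for p in "$@"; do
    printf '%s: %s\n' "$p" "$(audit_setuid "$p")"
done
```

A result of `setuid-world-exec` for `/usr/bin/dumpcap` corresponds to the state reported in the thread, where all users are able to capture traffic.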
