The Debian change is indeed present in lucid.  The wireshark-common
postinst script is now capable of running these commands:

  addgroup --quiet --system wireshark
  chown root:wireshark /usr/bin/dumpcap
  setcap cap_net_raw,cap_net_admin=eip /usr/bin/dumpcap

However, those commands are only run if the debconf database contains a
wireshark-common/install-setuid entry that is not "false", and in
Ubuntu, no such entry is created upon installation.  I just purged and
re-installed to be sure.

It seems the user is expected to somehow guess that wireshark will only
capture for non-root users if dpkg/synaptic is run manually to configure
the wireshark-common package.  That is a lot to ask of anyone who isn't
a wireshark package maintainer.  There is a short, non-obvious note
buried in the /usr/share/doc/wireshark-common:

   "The installation method can be changed any time by running:
   dpkg-reconfigure wireshark-common"

However, I still see some information discovery problems here:

- Even someone knowledgeable enough to look in /usr/share/doc would
probably expect this information to be in the readme for wireshark, and
could easily miss the one for wireshark-common.

- Even if they did manage to find the critical readme, they could easily
overlook that short note, because it is not worded clearly enough to be
an obvious solution to the problem they're trying to solve.

- Even if they finally figure out that reconfiguring the package might
be the answer, the debconf prompt is misleading and warns them away from
this.  It asks if dumpcap should be installed "setuid root" (which is
not what actually happens) and the help text warns of a security risk
(which doesn't actually exist because setcap is used instead of setuid,
and only for users manually added to the wireshark group).

I think we would be doing our wireshark users a service to improve this
situation.  A few things that could help:

- Run addgroup/setcap by default (don't require the user to go on a debconf 
hunt to make it happen).
- Update the debconf text to reflect what is really going on (setcap, not 
setuid).
- Document the use of the wireshark group in the wireshark readme.

-- 
Must be run as root, which is not secure
https://bugs.launchpad.net/bugs/513903
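
The state the message describes (debconf answer, setuid versus file capabilities, group restriction) can be checked with a short script. This is an added example, not part of the original message or of the wireshark-common package; the function names and result labels are hypothetical, and the `debconf-show` and `getcap` output formats it parses are assumptions about those tools.

```sh
#!/bin/sh
# Added example, not the package's postinst. Checks take their inputs as
# arguments so they can be run on constructed values without dumpcap installed.

# debconf_answer: read `debconf-show wireshark-common` output on stdin and print
# the stored wireshark-common/install-setuid value, or "unset" if none exists.
debconf_answer() {
    val=$(sed -n 's|^[* ]*wireshark-common/install-setuid: *||p' | head -n 1)
    echo "${val:-unset}"
}

# postinst_runs ANSWER: per the message above, addgroup/chown/setcap run
# only when the entry exists and is not "false".
postinst_runs() {
    case $1 in unset|false) return 1 ;; *) return 0 ;; esac
}

# classify_dumpcap MODE GROUP CAPS
#   MODE: octal mode from `stat -c %a`; GROUP: owning group; CAPS: `getcap` text
classify_dumpcap() {
    mode=$1; group=$2; caps=$3
    [ ${#mode} -eq 3 ] && mode=0$mode        # make the special-bits digit explicit
    special=${mode%???}; other=${mode#???}
    case $special in 4|5|6|7) echo setuid; return ;; esac
    case $caps in
        *cap_net_raw*|*cap_net_admin*) ;;     # file capabilities present
        *) echo unprivileged; return ;;
    esac
    # Capabilities apply to whoever may execute the file, so check the
    # "other" execute bit as well as the owning group.
    case $other in
        1|3|5|7) echo caps-any-user ;;
        *) [ "$group" = wireshark ] && echo caps-wireshark-group || echo caps-other-group ;;
    esac
}

# Live check, only when called with --live on a system that has the tools.
if [ "${1:-}" = --live ]; then
    f=/usr/bin/dumpcap
    ans=$(debconf-show wireshark-common 2>/dev/null | debconf_answer)
    postinst_runs "$ans" && echo "debconf: $ans (postinst applies setcap)" \
        || echo "debconf: $ans (postinst skips setcap)"
    classify_dumpcap "$(stat -c %a "$f")" "$(stat -c %G "$f")" "$(getcap "$f" 2>/dev/null)"
fi
```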