[Mageia-dev] [changelog] [RPM] cauldron core/release wireshark-1.8.4-2.mga3
Colin Guthrie
mageia at colin.guthr.ie
Mon Dec 17 10:57:13 CET 2012
'Twas brillig, and Olivier Blin at 17/12/12 09:55 did gyre and gimble:
> wally <buildsystem-daemon at mageia.org> writes:
>
>> Name : wireshark Relocations: (not relocatable)
>> Version : 1.8.4 Vendor: Mageia.Org
>> Release : 2.mga3 Build Date: Sat Dec 1 17:48:14 2012
>> Install Date: (not installed) Build Host: jonund.mageia.org
>> Group : Monitoring Source RPM: (none)
>> Size : 24192404 License: GPLv2+ and GPLv3
>> Signature : (none)
>> Packager : wally <wally>
>> URL : http://www.wireshark.org
>> Summary : Network traffic analyzer
>> Description :
>> Wireshark is a network traffic analyzer for Unix-ish operating systems. It is
>> based on GTK+, a graphical user interface library, and libpcap, a packet
>> capture and filtering library.
>>
>> wally <wally> 1.8.4-2.mga3:
>> + Revision: 324195
>> - install dumpcap setuid root as upstream suggests (to allow to start wireshark as normal user)
>> - drop run-as-root hacks
>
> Hi,
>
> It seems you introduced a security flaw: now all users are able to
> capture the network traffic.
>
> This should be reverted, or restrictions should be added (maybe by
> making consolekit add acls if possible).
Perhaps only make it only work for users in the wheel group?
Col
--
Colin Guthrie
colin(at)mageia.org
http://colin.guthr.ie/
Day Job:
Tribalogic Limited http://www.tribalogic.net/
Open Source:
Mageia Contributor http://www.mageia.org/
PulseAudio Hacker http://www.pulseaudio.org/
Trac Hacker http://trac.edgewall.org/
More information about the Mageia-dev
mailing list