[Mageia-dev] [changelog] [RPM] cauldron core/release wireshark-1.8.4-2.mga3

David Walser luigiwalser at yahoo.com
Sat Dec 22 19:25:30 CET 2012


Jani Välimaa wrote:
> On Mon, 17 Dec 2012 09:57:13 +0000
> Colin Guthrie <mageia at colin.guthr.ie> wrote:
> 
>> 'Twas brillig, and Olivier Blin at 17/12/12 09:55 did gyre and gimble:
>> > wally <buildsystem-daemon at mageia.org> writes:
>> > 
>> >> Name        : wireshark          Relocations: (not relocatable)
>> >> Version     : 1.8.4              Vendor: Mageia.Org
>> >> Release     : 2.mga3             Build Date: Sat Dec  1 17:48:14 2012
>> >> Install Date: (not installed)    Build Host: jonund.mageia.org
>> >> Group       : Monitoring         Source RPM: (none)
>> >> Size        : 24192404           License: GPLv2+ and GPLv3
>> >> Signature   : (none)
>> >> Packager    : wally <wally>
>> >> URL         : http://www.wireshark.org
>> >> Summary     : Network traffic analyzer
>> >> Description :
>> >> Wireshark is a network traffic analyzer for Unix-ish operating
>> >> systems. It is based on GTK+, a graphical user interface library,
>> >> and libpcap, a packet capture and filtering library.
>> >>
>> >> wally <wally> 1.8.4-2.mga3:
>> >> + Revision: 324195
>> >> - install dumpcap setuid root as upstream suggests (to allow to
>> >> start wireshark as normal user)
>> >> - drop run-as-root hacks
>> > 
>> > Hi,
>> > 
>> > It seems you introduced a security flaw: now all users are able to
>> > capture the network traffic.
>> > 
>> > This should be reverted, or restrictions should be added (maybe by
>> > making consolekit add acls if possible).
>> 
>> Perhaps only make it only work for users in the wheel group?
>> 
> 
> Ah, yes. Didn't think that much. :\
> 
> As Colin suggested we could "chgrp wheel /usr/bin/dumpcap && chmod
> 4750 /usr/bin/dumpcap". Or we could create wireshark group for it and
> do the same.

I see you did the wireshark group (better choice than wheel for sure).
Personally I prefer Olivier's consolekit suggestion, to allow the user
logged into the physical console to use it. Much less of a management
headache in most cases. Restricting it to a group should be something an
administrator can enforce with msec if they want it (and it could even be
added to the default restrictions for the secure level).
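
Added example, not part of the thread or of the Mageia package: a shell check that separates the world-executable setuid-root install flagged above from the group-restricted `4750` layout proposed in the thread. The function names and the sample rows are constructed for illustration, and `stat -c` assumes GNU coreutils.

```shell
#!/bin/sh
# Classify a setuid capture helper from its octal mode, owner and group.
# Usage: classify_capture_helper MODE OWNER GROUP WANTED_GROUP
classify_capture_helper() {
    perms=$((0$1))                      # read the mode string as octal
    if [ "$2" != "root" ] || [ $((perms & 04000)) -eq 0 ]; then
        echo "not-setuid-root"          # does not gain root on exec
    elif [ $((perms & 0001)) -ne 0 ]; then
        echo "open-to-all"              # any local user can run it as root
    elif [ $((perms & 0022)) -ne 0 ]; then
        echo "writable-by-non-owner"    # group/other could modify the binary
    elif [ "$3" != "$4" ]; then
        echo "wrong-group"              # restricted, but not to the wanted group
    else
        echo "group-restricted"         # e.g. 4750 root:wireshark
    fi
}

# Audit a real file (assumes GNU stat). Prints "PATH: verdict".
audit_capture_helper() {
    [ -e "$1" ] || { echo "$1: missing"; return 0; }
    set -- "$1" "$2" $(stat -c '%a %U %G' "$1")
    echo "$1: $(classify_capture_helper "$3" "$4" "$5" "$2")"
}

# Constructed sample rows (mode owner group), checked against group "wireshark".
while read -r mode owner group; do
    verdict=$(classify_capture_helper "$mode" "$owner" "$group" wireshark)
    echo "$mode $owner:$group -> $verdict"
done <<'EOF'
4755 root root
4750 root wireshark
4750 root wheel
0750 root wireshark
EOF
```

On an installed system, `audit_capture_helper /usr/bin/dumpcap wireshark` reports which of these cases the packaged binary falls into.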


