On Wed, 3 Oct 2018 01:01:32 +0200 Alessandro Selli
<alessandrose...@linux.com> wrote:
>
> Command etherape cannot work out of the box for unprivileged users.
>
> There is an etherape-root.desktop menu entry that runs:
>
> Exec=su-to-root -X -c /usr/bin/etherape
>
> However I do not like running X11 applications as root and I'd very
much do
> without using the superuser's (or even my user's) password as much as
> possible.
>
> I noticed that assigning the NET_RAW capabilities to the
> /usr/bin/etherape executable makes it work for underprivileged users:
>
> # setcap CAP_NET_RAW=pe /usr/bin/etherape
>
> I would like very much to see this setting become the default on Debian
> installations.
My 2ยข here, but su-to-root requires the user to enter the root password
of the machine.
Adding the capability to the file, will allow any user to run etherape
and get information about the network traffic.
Isn't that a bigger security issue to allow this by default?
