Package: wireshark Version: 1.0.8-1 Severity: grave If I run "gksudo wireshark&" and then open the any of the pages listed in the "Help" menu, wireshark (for me, at least) starts up an instance of iceweasel as root. Presumably, whatever it starts for others it also starts as root. This seems kind of bad, given that wireshark generally needs root priveleges to monitor most, if not all, interfaces, and apparantly can't (yet) just start a child process as root for that, and given how insecure most web browsers are these days.
It would be nice if wireshark would make an effort to invoke the browser as some less-privileged user, preferably the one who had invoked [gk]sudo, or at least warn the user that it is about to invoke a browser as root and give the user a chance to do something else with the desired URL instead. -- System Information: Debian Release: squeeze/sid APT prefers testing APT policy: (990, 'testing'), (500, 'unstable'), (1, 'experimental') Architecture: i386 (i686) Kernel: Linux 2.6.26-1-686 (SMP w/1 CPU core) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/bash Versions of packages wireshark depends on: ii libadns1 1.4-0.1 Asynchronous-capable DNS client li ii libatk1.0-0 1.24.0-2 The ATK accessibility toolkit ii libc6 2.9-18 GNU C Library: Shared libraries ii libcairo2 1.8.6-2+b1 The Cairo 2D vector graphics libra ii libcomerr2 1.40.8-2 common error description library ii libfontconfig1 2.6.0-3 generic font configuration library ii libfreetype6 2.3.9-4.1 FreeType 2 font engine, shared lib ii libgcrypt11 1.4.4-2 LGPL Crypto library - runtime libr ii libglib2.0-0 2.20.0-2 The GLib library of C routines ii libgnutls26 2.6.6-1 the GNU TLS library - runtime libr ii libgtk2.0-0 2.16.1-2 The GTK+ graphical user interface ii libk5crypto3 1.7dfsg~beta3-1 MIT Kerberos runtime libraries - C ii libkrb5-3 1.7dfsg~beta3-1 MIT Kerberos runtime libraries ii libpango1.0-0 1.24.0-3+b1 Layout and rendering of internatio ii libpcap0.8 1.0.0-2 system interface for user-level pa ii libpcre3 7.8-2+b1 Perl 5 Compatible Regular Expressi ii libportaudio2 19+svn20071022-2 Portable audio I/O - shared librar ii wireshark-common 1.0.8-1 network traffic analyser (common f ii zlib1g 1:1.2.3.3.dfsg-12 compression library - runtime Versions of packages wireshark recommends: ii gksu 2.0.2-2+b1 graphical frontend to su wireshark suggests no packages. -- no debconf information -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
