Package: ethereal Version: 0.10.11-2 Severity: normal The patch in #315670 doesn't check if it _has_ CAP_NET_RAW before it tries to drop others. When run as non-root, it is actually an attempt to _gain_ the capability, and therefore fails:
[EMAIL PROTECTED]:~$ ethereal Could not set capabilities: Operation not permitted [EMAIL PROTECTED]:~$ I can't say off hand how to do this _right_, but I suspect the function dropexcesscapabilities() should checkif CAP_NET_RAW is held before it tries to drop capabilities, and either do nothing or drop _all_ capabilities if CAP_NET_RAW is not already held. -- System Information: Debian Release: testing/unstable APT prefers unstable APT policy: (900, 'unstable') Architecture: i386 (i686) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.6.11 Locale: LANG=en_AU.UTF-8, LC_CTYPE=en_AU.UTF-8 (charmap=UTF-8) Versions of packages ethereal depends on: ii ethereal-common 0.10.11-1 network traffic analyser (common f ii libadns1 1.0-8.3 Asynchronous-capable DNS client li ii libatk1.0-0 1.10.1-2 The ATK accessibility toolkit ii libc6 2.3.2.ds1-22 GNU C Library: Shared libraries an ii libcomerr2 1.38-1 common error description library ii libglib2.0-0 2.6.5-1 The GLib library of C routines ii libgtk2.0-0 2.6.8-1 The GTK+ graphical user interface ii libkrb53 1.3.6-4 MIT Kerberos runtime libraries ii libpango1.0-0 1.8.1-1 Layout and rendering of internatio ii libpcap0.8 0.8.3-6 System interface for user-level pa ii libpcre3 5.0-1.1 Perl 5 Compatible Regular Expressi ii zlib1g 1:1.2.2-8 compression library - runtime Versions of packages ethereal recommends: ii gksu 1.3.0-1 graphical frontend to su -- no debconf information -- Paul "TBBle" Hampson, [EMAIL PROTECTED] 7th year CompSci/Asian Studies student, ANU Shorter .sig for a more eco-friendly paperless office.
signature.asc
Description: Digital signature
