On Wed, Nov 23, 2011 at 09:56:55AM +0100, Bálint Réczey wrote:
> 2011/11/22 Marc Haber <[email protected]>:
> > On Tue, Nov 22, 2011 at 03:12:06PM +0100, Bálint Réczey wrote:
> >> Have you seen any suspicious output while running 'sudo
> >> dpkg-reconfigure wireshark-common' ?
> >>
> >> Could you please check the output of the following commands?:
> >>
> >> sudo dpkg-reconfigure wireshark-common
> >> /usr/sbin/dpkg-statoverride --list /usr/bin/dumpcap
> >> echo $?
> >> sudo which setcap
> >
> > I now know what went wrong. I was misguided by the name of the debconf
> > template being install-setuid, which prompted me to an immediate "no",
> > without knowing that the postinst will only use setuid as a
> > last-resort method if capabilities are not available.
> The template name is not shown to users AFAIK and
> the current template text does not mention setuid bit:
>
> Should non-superusers be able to capture packets?
> Dumpcap can be installed in a way that allows members of the "wireshark"
> system group to capture packets. This is recommended over the
> alternative of running Wireshark/Tshark directly as root, because
> less of the code will run with elevated privileges.
> .
> For more detailed information please see
> /usr/share/doc/wireshark-common/README.Debian.
> .
> Enabling this feature may be a security risk, so it is disabled by
> default. If in doubt, it is suggested to leave it disabled.

It is, however, worded so that anybody with Unix experience will
immediately think "gaah, suid" and answer "no". At least that happened
to me.

> > Text suggestion:
> > The package scripts will use Linux capabilities for the dumpcap binary
> > where available and resort to setting the suid bit on the dumpcap
> > binary as a fall-back.
> The technology used behind the scenes is hidden intentionally to prevent
> changes to the template. The template is localized thus changing it would
> mean a lot of work for translators.
> It refers to README.Debian, because the full story needs more
> explanation than what would fit in a template text.

Fine with me. Thanks for the explanation and saying that everything is
intentional.

Greetings
Marc

-- 
-----------------------------------------------------------------------------
Marc Haber         | "I don't trust Computers. They | Mail address in header
Mannheim, Germany  |  lose things."    Winona Ryder | Phone: *49 621 31958061
Nordisch by Nature |  How to make an American Quilt | Fax: *49 621 31958062
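
Added example (not part of the thread, and not the wireshark-common package's own code): a Python check of which of the two mechanisms discussed above, file capabilities or the setuid fall-back, is actually in effect on a binary such as /usr/bin/dumpcap. The function names and the temporary stand-in file are assumptions made for illustration.

```python
import os
import stat
import tempfile


def privilege_mechanism(path):
    """Return 'capabilities', 'setuid' or 'none' for the file at path."""
    try:
        # Linux stores file capabilities in this extended attribute.
        has_caps = len(os.getxattr(path, "security.capability")) > 0
    except (OSError, AttributeError):
        has_caps = False  # attribute absent, or xattrs unsupported here
    if has_caps:
        return "capabilities"
    if os.stat(path).st_mode & stat.S_ISUID:
        return "setuid"
    return "none"


def audit(path):
    """Summarise who may run the binary and how it gains privilege."""
    st = os.stat(path)
    return {
        "mechanism": privilege_mechanism(path),
        "owner_uid": st.st_uid,
        "group_gid": st.st_gid,
        # The template text limits capture to one group, so a
        # world-executable privileged binary deserves a closer look.
        "world_executable": bool(st.st_mode & stat.S_IXOTH),
    }


def make_sample(mode):
    """Create a constructed stand-in file with the given mode (not dumpcap)."""
    fd, path = tempfile.mkstemp()
    os.close(fd)
    os.chmod(path, mode)
    return path


if __name__ == "__main__":
    target = "/usr/bin/dumpcap"  # path taken from the thread
    if not os.path.exists(target):
        target = make_sample(0o4750)  # constructed setuid sample
    print(target, audit(target))
```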

