Your message dated Mon, 24 Aug 2009 19:18:31 +0200
with message-id <200908241918.31656.jo...@damad.be>
and subject line wireshark: if wireshark runs as root, help opens browser as
root too
has caused the Debian Bug report #536618,
regarding wireshark: if wireshark runs as root, help opens browser as root too
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
536618: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=536618
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: wireshark
Version: 1.0.8-1
Severity: grave
If I run "gksudo wireshark&" and then open the any of the pages listed
in the "Help" menu, wireshark (for me, at least) starts up an instance
of iceweasel as root. Presumably, whatever it starts for others it
also starts as root. This seems kind of bad, given that wireshark
generally needs root priveleges to monitor most, if not all,
interfaces, and apparantly can't (yet) just start a child process as
root for that, and given how insecure most web browsers are these days.
It would be nice if wireshark would make an effort to invoke the
browser as some less-privileged user, preferably the one who had
invoked [gk]sudo, or at least warn the user that it is about to invoke
a browser as root and give the user a chance to do something else with
the desired URL instead.
-- System Information:
Debian Release: squeeze/sid
APT prefers testing
APT policy: (990, 'testing'), (500, 'unstable'), (1, 'experimental')
Architecture: i386 (i686)
Kernel: Linux 2.6.26-1-686 (SMP w/1 CPU core)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Versions of packages wireshark depends on:
ii libadns1 1.4-0.1 Asynchronous-capable DNS client li
ii libatk1.0-0 1.24.0-2 The ATK accessibility toolkit
ii libc6 2.9-18 GNU C Library: Shared libraries
ii libcairo2 1.8.6-2+b1 The Cairo 2D vector graphics libra
ii libcomerr2 1.40.8-2 common error description library
ii libfontconfig1 2.6.0-3 generic font configuration library
ii libfreetype6 2.3.9-4.1 FreeType 2 font engine, shared lib
ii libgcrypt11 1.4.4-2 LGPL Crypto library - runtime libr
ii libglib2.0-0 2.20.0-2 The GLib library of C routines
ii libgnutls26 2.6.6-1 the GNU TLS library - runtime libr
ii libgtk2.0-0 2.16.1-2 The GTK+ graphical user interface
ii libk5crypto3 1.7dfsg~beta3-1 MIT Kerberos runtime libraries - C
ii libkrb5-3 1.7dfsg~beta3-1 MIT Kerberos runtime libraries
ii libpango1.0-0 1.24.0-3+b1 Layout and rendering of internatio
ii libpcap0.8 1.0.0-2 system interface for user-level pa
ii libpcre3 7.8-2+b1 Perl 5 Compatible Regular Expressi
ii libportaudio2 19+svn20071022-2 Portable audio I/O - shared librar
ii wireshark-common 1.0.8-1 network traffic analyser (common f
ii zlib1g 1:1.2.3.3.dfsg-12 compression library - runtime
Versions of packages wireshark recommends:
ii gksu 2.0.2-2+b1 graphical frontend to su
wireshark suggests no packages.
-- no debconf information
--- End Message ---
--- Begin Message ---
Version: 1.2.1-2
This version introduces the possibility to run dumpcap setuid root. By using
this feature wireshark itself won't run as root anymore, hence the help
browser will also run as normal user.
--- End Message ---
