Hi All,

Josh Triplett <[email protected]> wrote (on Mon, Oct 6, 2025, 17:34):
>
> On Mon, Oct 06, 2025 at 05:15:47PM +0200, Bastian Blank wrote:
> > On Mon, Oct 06, 2025 at 05:01:39PM +0200, Bálint Réczey wrote:
> > > > From my view: it needs to employ the "can ptrace" check for any
> > > > monitored process.
> > > I think that would also be against the monitoring's usefulness. Not
> > > ptrace-able processes can cause issues to be triaged, too.
> >
> > In that case you need to go through the normal elevation rules. So
> > either sudo or packagekit.
>
> I think you may mean PolicyKit? But yes, ideally this would use
> PolicyKit rather than a group-limited setuid/setcap binary.
>
> In the absence of that, the group at least needs to be documented as
> root-equivalent, since systemwide monitoring of syscalls on privileged
> processes almost certainly is.

Thank you for all the input.
I've switched upstream to use the "_scap" group name as Guillem
suggested and also proposed using polkit:
https://gitlab.com/wireshark/wireshark/-/issues/20805

Cheers,
Balint

