Hi, so it's been a while since this was debated, and I think the general consensus is now "why are we applying a stronger stance against wireshark compared to other monsters in the tree?" Right now, people are either installing it themselves from source, not updating it, running it as root, fiddling with perms on bpf, etc.

The idea is to import it (and update it!). The binary doing the capture and needing privileges is separated (but DOESN'T do privdrop), so we might as well install it setuid root, group _wireshark and mode 4550. This way, only users in the _wireshark group (gid 735 to reserve) might be able to do captures, and only the captures are done as root. Almost works out of the box; you just need to add yourself to _wireshark. Might warrant a MESSAGE?

This is exactly https://github.com/jasperla/openbsd-wip/tree/master/net/wireshark, updated to 1.10.8, with all the flavor goo removed (python is broken, why bother with a gtk2 version, etc). Python support might come back if fixed in the devel version (which moved to qt), but at the moment the latter is only at 1.12.0rc2, while 1.8/1.10 has been somewhat tested.

OKs to import/bikeshed?

Landry
wireshark-1.10.8.tgz
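To make the permission reasoning in the post concrete, here is an added example (not part of Landry's mail or the port) that models who gets to run a setuid capture helper under the proposed 4550 root:_wireshark layout versus the usual alternatives, using the standard Unix exec-permission rules. The gid 735 comes from the post; the callers and their groups are constructed sample input.

```python
import stat

WIRESHARK_GID = 735  # gid the post proposes to reserve for _wireshark


def assess_capture_helper(mode, uid, gid, caller_uid, caller_groups,
                          wireshark_gid=WIRESHARK_GID):
    """Return (caller_captures_as_root, findings) for a capture helper
    installed with the given mode/owner/group, seen from a caller with
    caller_uid and the set of gids in caller_groups."""
    findings = []
    perm = stat.S_IMODE(mode)
    setuid_root = bool(perm & stat.S_ISUID) and uid == 0
    other_x = bool(perm & stat.S_IXOTH)

    if perm & (stat.S_IWGRP | stat.S_IWOTH):
        findings.append("group/world writable: anyone who can write it runs code as root")
    if setuid_root and other_x:
        findings.append("setuid root and world-executable: every local user captures as root")
    if setuid_root and gid != wireshark_gid:
        findings.append("setuid root but not group _wireshark: group membership does not gate it")
    if not setuid_root:
        findings.append("not setuid root: unprivileged users need loosened bpf perms to capture")

    # Unix picks exactly one class for the caller: owner, then group, then other.
    if caller_uid == 0:
        can_exec = bool(perm & 0o111)
    elif caller_uid == uid:
        can_exec = bool(perm & stat.S_IXUSR)
    elif gid in caller_groups:
        can_exec = bool(perm & stat.S_IXGRP)
    else:
        can_exec = other_x
    return setuid_root and can_exec, findings


def compare_layouts(caller_uid=1000, caller_groups=frozenset({1000})):
    """Constructed comparison: the proposed layout next to two common ones."""
    layouts = {
        "4550 root:_wireshark": (0o4550, 0, WIRESHARK_GID),
        "4755 root:wheel": (0o4755, 0, 0),
        "0755 root:wheel": (0o755, 0, 0),
    }
    return {name: assess_capture_helper(m, u, g, caller_uid, caller_groups)
            for name, (m, u, g) in layouts.items()}
```

Running compare_layouts() with a caller in gid 735 shows only the 4550 layout both grants the capture and raises no findings.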