On Sun, Jul 13, 2014 at 05:50:46PM +0200, Landry Breuil wrote:
> Hi,
> 
> so it's been a while this hasn't been debated, and I think the general
> consensus is now 'why are we applying stronger stance against wireshark
> compared to other monsters in the tree?' - right now, ppl are either
> installing it themselves from source, not updating it, running it as
> root, fiddling with perms on bpf, etc.
> 
> The idea is to import it (and update it!), the binary doing the capture
> and needing privileges is separated (but DOESN'T do privdrop), so we
> might as well install it setuid root, group _wireshark and mode 4550.
> 
> This way, only users in the _wireshark group (gid 735 to reserve) might
> be able to do captures, and only the captures are done as root. Almost
> works ootb, you just need to add yourself to _wireshark. Might warrant a
> MESSAGE ?
> 
A README is needed, otherwise users, instead of adding themselves to the
_wireshark group, will run the software as root.
 Cheers
  Giovanni
