FS#36490 - [kismet] kismet_capture should be installed with CAP_NET_ADMIN and CAP_NET_RAW rather than suid root
Attached to Project:
Arch Linux
Opened by Anonymous (reallybmn) - Sunday, 11 August 2013, 11:53 GMT
Last edited by Levente Polyak (anthraxx) - Thursday, 10 October 2019, 08:30 GMT
Opened by Anonymous (reallybmn) - Sunday, 11 August 2013, 11:53 GMT
Last edited by Levente Polyak (anthraxx) - Thursday, 10 October 2019, 08:30 GMT
|
Details
kismet has privilege separation enabled; that's good. It
could be better if setcap with CAP_NET_ADMIN and
CAP_NET_RAW=eip were used instead of suid root as those
capabilities are not immediately equivalent to full root
(cf.
http://forums.grsecurity.net/viewtopic.php?f=7&t=2522).
(Package version: 2013_03_R1b-2) |
This task depends upon
Closed by Levente Polyak (anthraxx)
Thursday, 10 October 2019, 08:30 GMT
Reason for closing: Implemented
Additional comments about closing: 2019_09_R1-1
Thursday, 10 October 2019, 08:30 GMT
Reason for closing: Implemented
Additional comments about closing: 2019_09_R1-1
Comment by Doug Newgard (Scimmia) -
Monday, 06 July 2015, 04:49 GMT
Comment by
Eli Schwartz (eschwartz) - Sunday,
06 August 2017, 23:30 GMT
ping juergen...
- Field changed: Category (Packages: Extra → Upstream Bugs)
- Task reassigned to Jan Alexander Steffens (heftig), Jürgen Hötzel (juergen)
Has anyone ever posted on the upstream forums (couldn't find a
bugtracker) to ask *them* about implementing capabilities?