FS#36541 - [wireshark-cli] Users should be informed about what 'wireshark' group membership actually confers

Attached to Project: Community Packages
Opened by Anonymous (reallybmn) - Thursday, 15 August 2013, 14:07 GMT
Last edited by Balló György (City-busz) - Tuesday, 21 January 2014, 00:22 GMT
Task Type Bug Report
Category Packages
Status Closed
Assigned To Timothy Redaelli (tredaelli)
Architecture All
Severity Very Low
Priority Normal
Reported Version
Due in Version Undecided
Due Date Undecided
Percent Complete 100%
Votes 0
Private No

Details

Users are currently advised to bestow 'wireshark' group membership on any user that is supposed to be able to use wireshark for live captures. The other side of that coin, extraneous privileges, is never explored. It should be explained what this group membership really means. AFAICT, it enables the user to use /usr/bin/dumpcap with CAP_NET_ADMIN and CAP_NET_RAW=eip privileges and no more, but I am unsure and so would probably be most prospective users of this package.

Stating the actual extent of the extra privileges can be done in a doc file or during package installs and upgrades.

The package version current right now is 1.10.1-1.
This task depends upon

Closed by  Balló György (City-busz)
Tuesday, 21 January 2014, 00:22 GMT
Reason for closing:  Not a bug
Comment by Timothy Redaelli (tredaelli) - Monday, 28 October 2013, 12:01 GMT
setcap 'CAP_NET_RAW+eip CAP_NET_ADMIN+eip' /usr/bin/dumpcap are taked from http://wiki.wireshark.org/CaptureSetup/CapturePrivileges
Comment by Balló György (City-busz) - Sunday, 19 January 2014, 00:14 GMT
I think it's well documented in our wiki, and it should be enough:
https://wiki.archlinux.org/index.php/Wireshark#Capturing_as_normal_user

Loading...