
Fwd: On Wireshark and network capture in general



As suggested by Thijs, forwarded to the dev list.
Please CC me as I'm not on the list.

Regards
Jaap 

Begin forwarded message:

From: "Jaap Keuter" <jaap.keuter@xs4all.nl>
Date: 17 June 2009 17:17:53 GMT+02:00
To: security@debian.org
Subject: On Wireshark and network capture in general

Hi,

I'm contacting you as I got thinking about network capture and the
security implications of that.

First of all, I'm a Wireshark core developer and Debian user, hence my interest.

What I've noticed is that Debian (still) requires the user to run
Wireshark with root credentials in order to be able to launch a network
capture. Otherwise the network interfaces won't even be visible.
This problem, running a massive GUI application with root credentials, was
identified long ago and addressed as such. The core capture functionality
was isolated in a capture child, so the rest (dissection, GUI, etc) could
be run as a normal user. This only (ahem) requires the capture engine
(dumpcap) to be installed setuid root.

This is possible, the Debian packaging files in the Wireshark source
tarball provide for this, but it opens a whole other can-o-worms. Without
requiring root credentials everyone can start network captures, something
that may be less desirable.

This issue of course holds true for all network capture applications, so a
more generic approach would be desirable. A possible way to address this
is to create a group with network capture privileges, and any eligible
user would be added to that group. This provides the administrator tight
control over the network capture capabilities of the system's users, while
users do not have to run network capture as root.

Now, I accept this issue and solution to be declared total nonsense. But
then again, what do I know.

Thanks for your time,
Jaap
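An added example of the group-based model the mail proposes, not part of Jaap's message or of Wireshark's own packaging: one function that grants a capture group the use of a capture binary through file capabilities rather than a setuid-root dumpcap, and one that audits a binary against that model. It assumes Linux with libcap's setcap/getcap and GNU stat; the binary path and group name are parameters the administrator chooses.

```shell
#!/bin/sh
# Added example, not part of the original mail or of Wireshark's packaging:
# grant packet capture to members of one group instead of installing dumpcap
# setuid root. Assumes Linux with libcap (setcap/getcap) and GNU stat; the
# binary path and group name are parameters chosen by the administrator.

# Apply the model: root-owned, group <grp>, mode 0750 (no setuid bit, not
# executable by others), and the two capabilities raw capture needs.
setup_capture_group() {
    bin="$1"; grp="$2"
    getent group "$grp" >/dev/null || groupadd "$grp"
    chown "root:$grp" "$bin"
    chmod 0750 "$bin"        # 0750 also clears any setuid/setgid bit
    setcap cap_net_raw,cap_net_admin=eip "$bin"
}

# Audit a capture binary against that model. Returns 0 when it conforms,
# 1 on any deviation; each finding is printed on its own line.
check_capture_bin() {
    bin="$1"; grp="$2"; rc=0
    mode=$(stat -c '%a' "$bin")      # e.g. 750, or 4755 when setuid
    fgrp=$(stat -c '%G' "$bin")
    case "$mode" in
        4???|5???|6???|7???) echo "$bin: setuid bit set (mode $mode)"; rc=1 ;;
    esac
    case "$mode" in
        *0) ;;                       # no permission bits for 'others'
        *)  echo "$bin: accessible by others (mode $mode)"; rc=1 ;;
    esac
    [ "$fgrp" = "$grp" ] || { echo "$bin: group is $fgrp, expected $grp"; rc=1; }
    # Informational only: a conforming binary still needs the capabilities
    # to capture at all, so report when they are missing.
    if command -v getcap >/dev/null 2>&1; then
        getcap "$bin" 2>/dev/null | grep -q cap_net_raw \
            || echo "$bin: note: cap_net_raw not set, capture will fail"
    fi
    return $rc
}
```

Run `setup_capture_group /usr/bin/dumpcap wireshark` as root once, then `check_capture_bin /usr/bin/dumpcap wireshark` from any account to confirm the setuid bit is gone and only group members can execute it.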

