Re: Fwd: On Wireshark and network capture in general
On Fri, Jun 19, 2009 at 12:54:48PM +0200, Jaap Keuter wrote:
> I'm contacting you as I got thinking about network capture and the
> security implications of that.
> What I've noticed is that Debian (still) requires the user to run
> Wireshark with root credentials in order to be able to launch a
> network capture.
> The core capture functionality was isolated in a capture child, so
> the rest (dissection, GUI, etc) could be run as a normal user. This
> only (ahem) requires the capture engine (dumpcap) to be installed
> setuid root.
How about one of the following:
- have the gui application (run as user) use gksu to launch dumpcap
- a wrapper script that launches dumpcap as current effective user
  (expected to be root) and the gui as $SUDO_USER (hmmm... too
  specific to usage of sudo, bad idea).
- a wrapper script that launches dumpcap through su/sudo and the gui
  "normally"
- a wrapper application (not suid), expected to be launched as root,
  that fork()/exec()'s dumpcap and then drops all privileges and then
  exec()'s the gui?
--
Lionel
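
Added example, not part of the message above and not Wireshark code: a minimal C sketch of the last option in the list (a non-setuid wrapper started as root that forks the capture engine, drops privileges, then execs the GUI). The argument layout and the helper names `parse_id` and `drop_privileges` are assumptions for illustration; how the GUI attaches to the capture child is left out.

```c
#define _GNU_SOURCE /* for setgroups() */
#include <errno.h>
#include <grp.h>
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

/* Parse a numeric id. Rejects empty/signed/non-numeric input, overflow,
 * and 0, because "dropping" to uid or gid 0 drops nothing. */
static int parse_id(const char *s, unsigned long *out) {
    char *end;
    if (*s < '0' || *s > '9') return -1;
    errno = 0;
    unsigned long v = strtoul(s, &end, 10);
    if (errno || *end != '\0' || v == 0 || v > 0x7fffffffUL) return -1;
    *out = v;
    return 0;
}

/* Permanently give up root. Order matters: supplementary groups, then gid,
 * then uid, since after setuid() the process can no longer change groups. */
static int drop_privileges(uid_t uid, gid_t gid) {
    if (uid == 0 || gid == 0) { errno = EINVAL; return -1; }
    if (setgroups(0, NULL) != 0 || setgid(gid) != 0 || setuid(uid) != 0) return -1;
    /* Verify: root must not be recoverable and all ids must match. */
    if (setuid(0) == 0 || getuid() != uid || geteuid() != uid ||
        getgid() != gid || getegid() != gid) { errno = EPERM; return -1; }
    return 0;
}

/* Hypothetical usage: wrapper <uid> <gid> <capture-path> <gui-path> */
int main(int argc, char **argv) {
    unsigned long uid = 0, gid = 0;
    if (argc != 5 || parse_id(argv[1], &uid) || parse_id(argv[2], &gid)) {
        fprintf(stderr, "usage: %s <uid> <gid> <capture-path> <gui-path>\n", argv[0]);
        return 2;
    }
    pid_t pid = fork();
    if (pid < 0) { perror("fork"); return 1; }
    if (pid == 0) { /* child: still root, becomes the capture engine */
        execl(argv[3], argv[3], (char *)NULL);
        perror("exec capture"); _exit(127);
    }
    if (drop_privileges((uid_t)uid, (gid_t)gid) != 0) {
        perror("drop_privileges"); /* never start the GUI as root */
        kill(pid, SIGTERM); return 1;
    }
    execl(argv[4], argv[4], (char *)NULL); /* GUI runs unprivileged */
    perror("exec gui"); return 127;
}
```

The wrapper refuses to continue when any step of the drop fails, so the GUI is never executed with root credentials.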