
Re: Fwd: On Wireshark and network capture in general



On Fri, Jun 19, 2009 at 12:54:48PM +0200, Jaap Keuter wrote:

> I'm contacting you as I got thinking about network capture and the
> security implications of that.

> What I've noticed is that Debian (still) requires the user to run
> Wireshark with root credentials in order to be able to launch a
> network capture.

> The core capture functionality was isolated in a capture child, so
> the rest (dissection, GUI, etc) could be run as a normal user. This
> only (ahem) requires the capture engine (dumpcap) to be installed
> setuid root.

How about one of the following:

 - have the gui application (run as user) use gksu to launch dumpcap

 - a wrapper script that launches dumpcap as current effective user
   (expected to be root) and the gui as $SUDO_USER (hmmm... too
   specific to usage of sudo, bad idea).

 - a wrapper script that launches dumpcap through su/sudo and the gui
   "normally"

 - a wrapper application (not suid), expected to be launched as root,
   that fork()/exec()'s dumpcap and then drops all privileges and then
   exec()'s the gui?

-- 
Lionel
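
The last option in the message above (start dumpcap while still root, then drop all privileges before exec()ing the GUI), as an added example that is not part of the original message or of Wireshark's code. The binary paths and taking the target uid/gid from the command line are assumptions made for this illustration.

```c
#define _DEFAULT_SOURCE 1            /* setgroups() on glibc */
#include <errno.h>
#include <grp.h>
#include <stdlib.h>
#include <unistd.h>

/* Parse a decimal uid/gid; reject garbage and 0 (dropping to root is no drop). */
int parse_id(const char *s, unsigned long *out)
{
    char *end;
    errno = 0;
    unsigned long v = strtoul(s, &end, 10);
    if (errno || end == s || *end != '\0' || v == 0 || v > 0x7fffffffUL)
        return -1;
    *out = v;
    return 0;
}

/* Permanently become uid/gid. Order matters: groups, then gid, then uid. */
int drop_privileges(uid_t uid, gid_t gid)
{
    if (geteuid() == 0 && setgroups(0, NULL) != 0)  /* clear root's supplementary groups */
        return -1;
    if (setgid(gid) != 0 || setuid(uid) != 0)       /* as root these set real, effective and saved ids */
        return -1;
    /* Verify: ids are what we asked for and root cannot be regained. */
    if (getuid() != uid || geteuid() != uid || getgid() != gid || getegid() != gid)
        return -1;
    return (uid != 0 && setuid(0) == 0) ? -1 : 0;
}

/* Hypothetical wrapper, expected to be launched as root: wrapper <uid> <gid> */
int main(int argc, char **argv)
{
    unsigned long uid, gid;
    if (argc != 3 || parse_id(argv[1], &uid) || parse_id(argv[2], &gid))
        return 2;
    pid_t pid = fork();
    if (pid < 0)
        return 1;
    if (pid == 0) {                       /* child: still root, becomes dumpcap */
        execl("/usr/bin/dumpcap", "dumpcap", (char *)NULL);   /* assumed path */
        _exit(127);
    }
    if (drop_privileges((uid_t)uid, (gid_t)gid) != 0)  /* parent: never start the GUI as root */
        return 1;
    execl("/usr/bin/wireshark", "wireshark", (char *)NULL);   /* assumed path */
    return 1;
}
```

If the drop or its verification fails, the wrapper exits instead of starting the GUI, so the dissection code never runs with root credentials.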

