
Re: New proposed system group "scap" and setuid binary "dumpcalls"



Hi!

On Sat, 2025-10-04 at 14:36:39 +0200, Bálint Réczey wrote:
> The wireshark source package soon starts shipping the Stratoshark
> [1][2] system call analyzer, a new GUI that uses the dumpcalls [3]
> helper program to monitor and collect local system calls.
> The dumpcalls [3] binary either needs to be setuid or - hopefully be
> able to rely only on narrower Linux Capabilities to collect
> information from the system [4].
> 
> The "scap" group name comes from libscap's name and that comes from
> System CAPture.
> I think it is OK to use the abbreviated form, since the library name
> is already reserved in Debian, while it is shipped in
> libfalcosecurity0t64 for now. Upstream already uses this group name
> for some time in upstream-provided .debs.
> 
> The Debian Policy governs the process of adding new setuid binaries
> [5], thus hereby I'm looking for the approval of the binary and the
> group name, or feedback if changes would be necessary.

Please, namespace system user and group names with «_», in this case
the group name would ideally be «_scap», otherwise there's a risk of
stomping on existing non-system names.

Thanks,
Guillem

