
Re: New proposed system group "scap" and setuid binary "dumpcalls"



Hi Guillem,

Guillem Jover <guillem@debian.org> wrote (on Sat, Oct 4, 2025,
15:08):
>
> Hi!
>
> On Sat, 2025-10-04 at 14:36:39 +0200, Bálint Réczey wrote:
> > The wireshark source package soon starts shipping the Stratoshark
> > [1][2] system call analyzer, a new GUI that uses the dumpcalls [3]
> > helper program to monitor and collect local system calls.
> > The dumpcalls [3] binary either needs to be setuid or - hopefully be
> > able to rely only on narrower Linux Capabilities to collect
> > information from the system [4].
> >
> > The "scap" group name comes from libscap's name and that comes from
> > System CAPture.
> > I think it is OK to use the abbreviated form, since the library name
> > is already reserved in Debian, while it is shipped in
> > libfalcosecurity0t64 for now. Upstream already uses this group name
> > for some time in upstream-provided .debs.
> >
> > The Debian Policy governs the process of adding new setuid binaries
> > [5], thus hereby I'm looking for the approval of the binary and the
> > group name, or feedback if changes would be necessary.
>
> Please, namespace system user and group names with «_», in this case
> the group name would ideally be «_scap», otherwise there's a risk of
> stomping on existing non-system names.
>

Indeed. I've switched to using "_scap".

Cheers,
Balint

