From 1be510f9529cb082f802408b472a77d074b394c0 Mon Sep 17 00:00:00 2001 From: Nicolas Vigier Date: Sun, 14 Apr 2013 13:46:12 +0000 Subject: Add zarb MLs html archives --- zarb-ml/mageia-dev/2012-December/020886.html | 105 +++++++++++++++++++++++++++ 1 file changed, 105 insertions(+) create mode 100644 zarb-ml/mageia-dev/2012-December/020886.html (limited to 'zarb-ml/mageia-dev/2012-December/020886.html') diff --git a/zarb-ml/mageia-dev/2012-December/020886.html b/zarb-ml/mageia-dev/2012-December/020886.html new file mode 100644 index 000000000..9463d1448 --- /dev/null +++ b/zarb-ml/mageia-dev/2012-December/020886.html @@ -0,0 +1,105 @@ + + + + [Mageia-dev] [changelog] [RPM] cauldron core/release wireshark-1.8.4-2.mga3 + + + + + + + + + +

[Mageia-dev] [changelog] [RPM] cauldron core/release wireshark-1.8.4-2.mga3

+ David Walser + luigiwalser at yahoo.com +
+ Sat Dec 22 19:25:30 CET 2012 +

+
+ +
Jani Välimaa wrote:
+> On Mon, 17 Dec 2012 09:57:13 +0000
+> Colin Guthrie <mageia at colin.guthr.ie> wrote:
+> 
+>> 'Twas brillig, and Olivier Blin at 17/12/12 09:55 did gyre and gimble:
+>> > wally <buildsystem-daemon at mageia.org> writes:
+>> > 
+>> >> Name        : wireshark                    Relocations: (not
+>> >> relocatable) Version     : 1.8.4
+>> >> Vendor: Mageia.Org Release     : 2.mga3
+>> >> Build Date: Sat Dec  1 17:48:14 2012 Install Date: (not
+>> >> installed)               Build Host: jonund.mageia.org
+>> >> Group       : Monitoring                    Source RPM: (none)
+>> >> Size        : 24192404                         License: GPLv2+ and
+>> >> GPLv3 Signature   : (none) Packager    : wally <wally>
+>> >> URL         : http://www.wireshark.org
+>> >> Summary     : Network traffic analyzer
+>> >> Description :
+>> >> Wireshark is a network traffic analyzer for Unix-ish operating
+>> >> systems. It is based on GTK+, a graphical user interface library,
+>> >> and libpcap, a packet capture and filtering library.
+>> >>
+>> >> wally <wally> 1.8.4-2.mga3:
+>> >> + Revision: 324195
+>> >> - install dumpcap setuid root as upstream suggests (to allow to
+>> >> start wireshark as normal user)
+>> >> - drop run-as-root hacks
+>> > 
+>> > Hi,
+>> > 
+>> > It seems you introduced a security flaw: now all users are able to
+>> > capture the network traffic.
+>> > 
+>> > This should be reverted, or restrictions should be added (maybe by
+>> > making consolekit add acls if possible).
+>> 
+>> Perhaps only make it only work for users in the wheel group?
+>> 
+> 
+> Ah, yes. Didn't think that much. :\
+> 
+> As Colin suggested we could "chgrp wheel /usr/bin/dumpcap && chmod
+> 4750 /usr/bin/dumpcap". Or we could create wireshark group for it and
+> do the same.
+
+I see you did the wireshark group (better choice than wheel for sure).  Personally I prefer Olivier's consolekit suggestion, to allow the 
+user logged into the physical console to use it.  Much less of a management headache in most cases.  The restricting it to a group should be 
+something an administrator can enforce with msec if they want it (and it could even be added to the default restrictions for the secure 
+level).
+
+
+ + +
+

+ +
+More information about the Mageia-dev +mailing list
+ -- cgit v1.2.1