#2816 closed defect (fixed)
Wireshark security issue
| Reported by: | Arthur Demchenkov | Owned by: | Bruce Dubbs |
|---|---|---|---|
| Priority: | normal | Milestone: | |
| Component: | BOOK | Version: | SVN |
| Severity: | normal | Keywords: | |
| Cc: |
Description
It could be an enhancement. But I consider this critical.
Here's some info from Gentoo's ebuild:
With version 0.99.7, all function calls that require elevated privileges have been moved out of the GUI to dumpcap. WIRESHARK CONTAINS OVER ONE POINT FIVE MILLION LINES OF SOURCE CODE. DO NOT RUN THEM AS ROOT. NOTE: To run wireshark as normal user you have to add yourself into wireshark group. This security measure ensures that only trusted users allowed to sniff your traffic.
Here's what I propose to do...
Before the installation:
groupadd -g 91 wireshark
After the installation:
chown -v root:wireshark /usr/bin/{tshark,dumpcap} &&
chmod -v 6550 /usr/bin/{tshark,dumpcap} &&
And to add this note at the end of installation...
Add the users you would like to the wireshark group:
usermod -a -G wireshark <username>
Change History (8)
comment:1 by , 15 years ago
comment:5 by , 12 years ago
| Milestone: | 6.7 → current |
|---|
comment:6 by , 12 years ago
| Owner: | changed from to |
|---|---|
| Status: | new → assigned |
Note:
See TracTickets
for help on using tickets.
Also, there is a new version, 1.0.8.
Release notes are here:
http://www.wireshark.org/docs/relnotes/wireshark-1.0.8.html