Mailinglist Archive: opensuse (1165 mails)

< Previous Next >
Re: [opensuse] Re: Should openSUSE review it's Security Policies?
On Thu, Mar 01, 2012 at 09:28:47PM +0100, Carlos E. R. wrote:
On 2012-03-01 16:18, Roger Oberholtzer wrote:
On Thu, 2012-03-01 at 15:34 +0100, Carlos E. R. wrote:

You can probably suid the binary.

Yikes. To get perhaps one root capability, you give the application the
world. Quite generous. As they say, with great power comes great
responsibility. I just don't trust the general non-buggy-ness of things.
Fine grained permissions seem a bit more secure.

There is no other way of running it, and this is the kernel fault.

Perhaps it could be made a two part program: a small one running as root
and doing the capturing part, and another doing the gui and processing. But
this doesn't exist.

And on wireshark now and then there have been found security holes.

Read up on filesystem capabilities here. ... Basically attributes added within
filesystem that only give some of the capabilities.

But wireshark as a X client really shouldn't be setuid root.

If you need it, "su", "sudo" or "ssh -X root@localhost" to run it.

Ciao, Marcus
To unsubscribe, e-mail: opensuse+unsubscribe@xxxxxxxxxxxx
To contact the owner, e-mail: opensuse+owner@xxxxxxxxxxxx

< Previous Next >
This Thread