http://bugzilla.opensuse.org/show_bug.cgi?id=957624

Bug ID: 957624
Summary: Wireshark privilege separation
Classification: openSUSE
Product: openSUSE Tumbleweed
Version: 2015*
Hardware: Other
OS: Other
Status: NEW
Severity: Enhancement
Priority: P5 - None
Component: Security
Assignee: security-team@suse.de
Reporter: astieger@suse.com
QA Contact: qa-bugs@suse.de
CC: cyliu@suse.com, security-team@suse.de
Found By: Security Response Team
Blocker: ---

Wireshark is currently executed as root:

/usr/share/applications/wireshark.desktop
Exec=/usr/bin/xdg-su -c /usr/bin/wireshark %f

/usr/share/applications/wireshark-gtk.desktop
Exec=/usr/bin/xdg-su -c /usr/bin/wireshark-gtk %f

Many vulnerabilities in Wireshark affect the dissector UI. Their effect would be reduced from root level to user level if the privileges were separated.

It is sufficient to give CAP_NET_RAW and CAP_NET_ADMIN to /usr/sbin/dumpcap and make it executable by a group.

https://wiki.wireshark.org/CaptureSetup/CapturePrivileges

The group would be called "wireshark" and users would need to be added to the group. Ideally a warning would be shown to advise users of the fact.
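
The setup proposed in this report, as an added example that is not part of the original bug report or of the openSUSE package: a shell script that applies the group and capabilities to dumpcap and then audits the result. The function names, the 0750 mode and the two getcap output layouts it accepts are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the bug report): restrict dumpcap to a group and
# give it only the two capabilities the report names, then audit the result.
DUMPCAP=${DUMPCAP:-/usr/sbin/dumpcap}   # path named in the report
CAPGROUP=${CAPGROUP:-wireshark}         # group name proposed in the report

# Run as root. setcap goes last: changing ownership clears file capabilities.
apply_separation() {
    getent group "$CAPGROUP" >/dev/null || groupadd -r "$CAPGROUP"
    chgrp "$CAPGROUP" "$DUMPCAP" &&
    chmod 0750 "$DUMPCAP" &&              # assumed mode: root rwx, group r-x
    setcap cap_net_raw,cap_net_admin+eip "$DUMPCAP"
}

# perms_ok MODE GROUP: octal mode and group name as printed by stat(1).
# Passes only if the group matches, the group may execute, "other" has no
# access and no setuid/setgid/sticky bit is set.
perms_ok() {
    [ "$2" = "$CAPGROUP" ] || return 1
    m=$((0$1))
    [ $((m & 07007)) -eq 0 ] && [ $((m & 010)) -ne 0 ]
}

# caps_ok LINE: one line of getcap(8) output. Handles both the older
# "file = caps+eip" and the newer "file caps=eip" layouts and rejects any
# capability beyond CAP_NET_RAW and CAP_NET_ADMIN.
caps_ok() {
    spec=${1##* }            # last field: "cap_a,cap_b+eip" or "...=eip"
    case $spec in *[+=]*) ;; *) return 1 ;; esac
    caps=${spec%[+=]*}
    flags=${spec##*[+=]}
    case $caps in
        cap_net_admin,cap_net_raw|cap_net_raw,cap_net_admin) ;;
        *) return 1 ;;
    esac
    case $flags in *e*) ;; *) return 1 ;; esac
    case $flags in *p*) ;; *) return 1 ;; esac
}

audit_dumpcap() {
    st=$(stat -c '%a %G' "$DUMPCAP") || return 1
    perms_ok "${st% *}" "${st#* }" || { echo "bad mode/group: $st" >&2; return 1; }
    caps_ok "$(getcap "$DUMPCAP")" || { echo "unexpected capabilities" >&2; return 1; }
}

case ${1:-} in
    apply) apply_separation ;;
    audit) audit_dumpcap ;;
esac
```

Users are then added to the group with `usermod -aG wireshark <user>`; the audit can be re-run after package updates, which may replace the binary and drop its capabilities.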