Bug ID 957624
Summary Wireshark privilege separation
Classification openSUSE
Product openSUSE Tumbleweed
Version 2015*
Hardware Other
OS Other
Status NEW
Severity Enhancement
Priority P5 - None
Component Security
Assignee security-team@suse.de
Reporter astieger@suse.com
QA Contact qa-bugs@suse.de
CC cyliu@suse.com, security-team@suse.de
Found By Security Response Team
Blocker ---

Wireshark is currently executed as root:

/usr/share/applications/wireshark.desktop
  Exec=/usr/bin/xdg-su -c /usr/bin/wireshark %f

/usr/share/applications/wireshark-gtk.desktop
  Exec=/usr/bin/xdg-su -c /usr/bin/wireshark-gtk %f

Many vulnerabilities in Wireshark affect the dissector UI. Their effect would be
reduced from root level to user level if the privileges were separated.

It is sufficient to give CAP_NET_RAW and CAP_NET_ADMIN to /usr/sbin/dumpcap and
make it executable by a group.
https://wiki.wireshark.org/CaptureSetup/CapturePrivileges

The group would be called "wireshark" and users would need to be added to the
group.

Ideally a warning would be shown to advise users of the fact.
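
A read-only audit of the two conditions the report describes, as an added example that is not part of the original report or of the wireshark package: it flags .desktop entries that launch through a root wrapper and checks whether dumpcap is group-restricted and carries both capabilities. The function names, the wrapper names other than xdg-su, and the reading of "executable by a group" as "no permission bits for other" are assumptions.

```shell
#!/bin/sh
# Added example, not part of the bug report. File paths and the group name
# "wireshark" are taken from the report; the wrapper list is an assumption.

# Print Exec= lines of a .desktop file that launch through a root wrapper.
# Returns 0 if at least one such line exists.
root_exec_lines() {
    grep -E '^Exec=([^[:space:]]*/)?(xdg-su|gksu|kdesu|pkexec|sudo)([[:space:]]|$)' "$1"
}

# Succeeds if the helper's group is $2 and "other" has no permission bits.
helper_perm_ok() {
    mode_group=$(stat -c '%a %G' "$1") || return 2
    [ "${mode_group#* }" = "$2" ] || return 1
    case ${mode_group%% *} in *0) return 0 ;; *) return 1 ;; esac
}

# Succeeds if a getcap output line ($1) names both capabilities.
has_capture_caps() {
    case $1 in *cap_net_admin*) ;; *) return 1 ;; esac
    case $1 in *cap_net_raw*) return 0 ;; *) return 1 ;; esac
}

# Report findings for the files named in the bug report; always returns 0.
audit_system() {
    for f in /usr/share/applications/wireshark.desktop \
             /usr/share/applications/wireshark-gtk.desktop; do
        [ -f "$f" ] || continue
        if root_exec_lines "$f" >/dev/null; then
            echo "FINDING: $f starts the GUI as root"
        fi
    done
    d=/usr/sbin/dumpcap
    [ -e "$d" ] || { echo "NOTE: $d not found"; return 0; }
    helper_perm_ok "$d" wireshark ||
        echo "FINDING: $d is not restricted to group wireshark"
    has_capture_caps "$(getcap "$d" 2>/dev/null)" ||
        echo "FINDING: $d lacks cap_net_raw/cap_net_admin"
    return 0
}

audit_system
```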

