-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 2012-03-01 16:18, Roger Oberholtzer wrote:
On Thu, 2012-03-01 at 15:34 +0100, Carlos E. R. wrote:
You can probably suid the binary.
Yikes. To get perhaps one root capability, you give the application the world. Quite generous. As they say, with great power comes great responsibility. I just don't trust the general non-buggy-ness of things. Fine grained permissions seem a bit more secure.
There is no other way of running it, and this is the kernel fault. Perhaps it could be made a two part program: a small one running as root and doing the capturing part, and another doing the gui and processing. But this doesn't exist. And on wireshark now and then there have been found security holes. - -- Cheers / Saludos, Carlos E. R. (from 11.4 x86_64 "Celadon" at Telcontar) -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.16 (GNU/Linux) Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org/ iEYEARECAAYFAk9P2/8ACgkQIvFNjefEBxqCjgCgn+Ypnn+GR+q8RR8HmX+Hr7PO omkAoJ/QmVjrC5LT9H0jsP8+miM0q5+F =zRgS -----END PGP SIGNATURE----- -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org