Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 357237 - <net-analyzer/wireshark-1.4.4: USE="-caps" allows any user to run dumpcap
Summary: <net-analyzer/wireshark-1.4.4: USE="-caps" allows any user to run dumpcap
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: High normal (vote)
Assignee: Gentoo Security
URL:
Whiteboard: B1 [glsa]
Keywords:
Depends on: CVE-2011-0538
Blocks:
  Show dependency tree
 
Reported: 2011-03-03 17:29 UTC by Sebastian Thorarensen
Modified: 2011-10-09 20:02 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Sebastian Thorarensen 2011-03-03 17:29:44 UTC 
net-analyzer/wireshark-1.2.13 with USE="-caps" installs /usr/bin/dumpcap with permissions 6550 (-r-sr-s---). This prevents users that are not in the wireshark group to capture packets. If I understand correctly, this is the way it's supposed to be.

net-analyzer/wireshark-1.4.3 with USE="-caps" installs /usr/bin/dumpcap with permissions 6751 (-rwsr-s--x) and this allows any user to run dumpcap without being in the wireshark group.

Steps to Reproduce:
1. USE="-caps" emerge =wireshark-1.4.3
2. run dumpcap with a user that is not in the wireshark group

Actual Results:
% dumpcap
File: /tmp/wiresharkXXXXPJdgCm
Packets: 6 Packets dropped: 0

Expected Results:
% dumpcap
permission denied: dumpcap
Comment 1 Peter Volkov (RETIRED) gentoo-dev 2011-03-09 14:33:05 UTC 
Thank you for report. Fixed in wireshark-1.4.4. Stabilization will go in bug 354197.
Comment 2 Tim Sammut (RETIRED) gentoo-dev 2011-03-14 03:07:46 UTC 
Thanks, folks. Added to existing GLSA request.
Comment 3 GLSAMaker/CVETool Bot gentoo-dev 2011-10-09 20:01:05 UTC 
This issue was resolved and addressed in
 GLSA 201110-02 at http://security.gentoo.org/glsa/glsa-201110-02.xml
by GLSA coordinator Alex Legler (a3li).
Comment 4 GLSAMaker/CVETool Bot gentoo-dev 2011-10-09 20:02:00 UTC 
This issue was resolved and addressed in
 GLSA 201110-02 at http://security.gentoo.org/glsa/glsa-201110-02.xml
by GLSA coordinator Alex Legler (a3li).