I really see no reason at all why /usr/bin/driftnet should be suid root. I know it is only executeable by the wheel group, but still I don't like to think of wheel as equivalent to root. I think only very few people should be able to spy on all the images that goes through the router/proxy, or any host. Reproducible: Always Steps to Reproduce: 1. Just look at 'chmod u+s "${D}/usr/bin/driftnet"' in the ebuild
Needs to be root to set the network card into promiscuous mode. From the README: "Driftnet needs to run with sufficient privilege to obtain raw packets from the network. On most systems, this means running it as root." Feel free to customize it for your local needs. Also, read the comments at http://www.ex-parrot.com/~chris/driftnet/
With that argument you should also SUID tcpdump. Also you may use drifnet -M evil-command to run evil-command as root whenever an mpeg stream is encountered.
Well, it seems you CAN'T run evil commands with the -M because Only driftnet-gtk can run with -M, and it is NOT suid. I think it has a good security usability balance here.
Does Gentoo have any policy on how powerfull users in the wheel group should be? I think some people will add users to the wheel group just to let root be able to su from their accounts, or even to let regular users su to each others accounts - but I don't think that's compatible with drifnet as suid. I believe sudo should be used to run priviledged commands as root.
The reasoning is that if you are to be able to su from your account - then you are a trusted user. This does not mean you can run arbitrary commands as root without actually su'ing into root. feel free to bring this up at the -dev mailinglist, if you want. and for the overparanoid, there's always cfengine...
