
Bug 357237

Summary: <net-analyzer/wireshark-1.4.4: USE="-caps" allows any user to run dumpcap
Product: Gentoo Security
Reporter: Sebastian Thorarensen <sebth>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: RESOLVED FIXED
Severity: normal
CC: netmon, pva
Priority: High
Version: unspecified
Hardware: All
OS: Linux
Whiteboard: B1 [glsa]
Package list:
Runtime testing required: ---
Bug Depends on: 354197
Bug Blocks:

Description Sebastian Thorarensen 2011-03-03 17:29:44 UTC
net-analyzer/wireshark-1.2.13 with USE="-caps" installs /usr/bin/dumpcap with permissions 6550 (-r-sr-s---). This prevents users that are not in the wireshark group from capturing packets. If I understand correctly, this is the way it's supposed to be.

net-analyzer/wireshark-1.4.3 with USE="-caps" installs /usr/bin/dumpcap with permissions 6751 (-rwsr-s--x) and this allows any user to run dumpcap without being in the wireshark group.

Steps to Reproduce:
1. USE="-caps" emerge =wireshark-1.4.3
2. run dumpcap with a user that is not in the wireshark group

Actual Results:
% dumpcap
File: /tmp/wiresharkXXXXPJdgCm
Packets: 6 Packets dropped: 0

Expected Results:
% dumpcap
permission denied: dumpcap
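
The two modes in the report above differ in the "other" execute bit, which can be checked mechanically. This is an added example, not part of the original bug report or the Gentoo ebuild; `classify_mode` and `audit_file` are hypothetical names, and `audit_file` assumes GNU `stat`.

```shell
#!/bin/sh
# Added example: audit a privileged capture helper such as /usr/bin/dumpcap.
# classify_mode and audit_file are hypothetical helper names.

# classify_mode MODE: MODE is an octal permission string (e.g. 6550, 6751).
# Prints one verdict word and always returns 0.
classify_mode() {
    case $1 in
        ''|*[!0-7]*) echo "invalid"; return 0 ;;
    esac
    m=$((0$1))                      # leading 0 => parsed as octal
    if [ $(( m & 06000 )) -eq 0 ]; then
        echo "not-privileged"       # neither setuid nor setgid
    elif [ $(( m & 0001 )) -ne 0 ]; then
        echo "world-executable"     # any local user runs it with elevated rights
    else
        echo "group-restricted"     # "other" cannot execute the binary
    fi
}

# audit_file PATH: report mode, owner, group and verdict for one file.
# Assumes GNU coreutils stat (-c format option).
audit_file() {
    f=$1
    if [ ! -e "$f" ]; then
        echo "$f: not installed"
        return 0
    fi
    set -- $(stat -c '%a %U %G' "$f")
    echo "$f: mode $1 owner $2 group $3 -> $(classify_mode "$1")"
}

# Audit every path given on the command line, e.g.: sh audit.sh /usr/bin/dumpcap
if [ $# -gt 0 ]; then
    for path in "$@"; do
        audit_file "$path"
    done
fi
```
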
Comment 1 Peter Volkov (RETIRED) gentoo-dev 2011-03-09 14:33:05 UTC
Thank you for the report. Fixed in wireshark-1.4.4. Stabilization will go in bug 354197.
Comment 2 Tim Sammut (RETIRED) gentoo-dev 2011-03-14 03:07:46 UTC
Thanks, folks. Added to existing GLSA request.
Comment 3 GLSAMaker/CVETool Bot gentoo-dev 2011-10-09 20:01:05 UTC
This issue was resolved and addressed in
 GLSA 201110-02 at http://security.gentoo.org/glsa/glsa-201110-02.xml
by GLSA coordinator Alex Legler (a3li).
Comment 4 GLSAMaker/CVETool Bot gentoo-dev 2011-10-09 20:02:00 UTC
This issue was resolved and addressed in
 GLSA 201110-02 at http://security.gentoo.org/glsa/glsa-201110-02.xml
by GLSA coordinator Alex Legler (a3li).