net-analyzer/wireshark-1.2.13 with USE="-caps" installs /usr/bin/dumpcap with permissions 6550 (-r-sr-s---). This prevents users who are not in the wireshark group from capturing packets. If I understand correctly, this is the way it's supposed to be.

net-analyzer/wireshark-1.4.3 with USE="-caps" installs /usr/bin/dumpcap with permissions 6751 (-rwsr-s--x), and this allows any user to run dumpcap without being in the wireshark group.

Steps to Reproduce:
1. USE="-caps" emerge =wireshark-1.4.3
2. Run dumpcap as a user that is not in the wireshark group

Actual Results:
% dumpcap
File: /tmp/wiresharkXXXXPJdgCm
Packets: 6
Packets dropped: 0

Expected Results:
% dumpcap
permission denied: dumpcap
Thank you for the report. Fixed in wireshark-1.4.4. Stabilization will go in bug 354197.
Thanks, folks. Added to existing GLSA request.
This issue was resolved and addressed in GLSA 201110-02 at http://security.gentoo.org/glsa/glsa-201110-02.xml by GLSA coordinator Alex Legler (a3li).
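
The permission difference described in the report can be checked mechanically. The following is an added example, not part of the original report or of the wireshark ebuild: a shell check that separates a setuid/setgid binary restricted to owner and group (6550) from one that any local user can execute (6751). The function names are hypothetical, and audit_file assumes GNU coreutils stat (`stat -c %a`).

```shell
#!/bin/sh
# Added example: audit the mode of a privileged helper such as /usr/bin/dumpcap.

# classify_mode OCTAL_MODE
# Prints one of:
#   no-elevation      neither setuid nor setgid is set
#   restricted        setuid/setgid set, but "other" has no execute bit
#   world-executable  setuid/setgid set and any local user may execute it
classify_mode() {
    mode=$1
    case "$mode" in
        ''|*[!0-7]*) echo "invalid"; return 2 ;;
    esac
    m=$((0$mode))                       # leading 0 makes the shell parse it as octal
    if [ $((m & 06000)) -eq 0 ]; then   # 04000 = setuid, 02000 = setgid
        echo "no-elevation"
    elif [ $((m & 01)) -ne 0 ]; then    # 0001 = execute permission for "other"
        echo "world-executable"
    else
        echo "restricted"
    fi
}

# audit_file PATH
# Prints the path, its octal mode and the verdict; returns non-zero when the
# file is a setuid/setgid binary that users outside its group can run.
audit_file() {
    fmode=$(stat -c '%a' -- "$1") || return 2   # assumption: GNU stat
    verdict=$(classify_mode "$fmode") || return 2
    printf '%s mode=%s %s\n' "$1" "$fmode" "$verdict"
    [ "$verdict" != "world-executable" ]
}

# Audit every path given on the command line, e.g.: sh audit.sh /usr/bin/dumpcap
for f in "$@"; do
    audit_file "$f" || echo "WARNING: $f needs review" >&2
done
```

With the two modes from the report, `classify_mode 6550` prints `restricted` and `classify_mode 6751` prints `world-executable`.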