net-analyzer/wireshark-1.2.13 with USE="-caps" installs /usr/bin/dumpcap with permissions 6550 (-r-sr-s---). This prevents users that are not in the wireshark group to capture packets. If I understand correctly, this is the way it's supposed to be.
net-analyzer/wireshark-1.4.3 with USE="-caps" installs /usr/bin/dumpcap with permissions 6751 (-rwsr-s--x) and this allows any user to run dumpcap without being in the wireshark group.
Steps to Reproduce:
1. USE="-caps" emerge =wireshark-1.4.3
2. run dumpcap with a user that is not in the wireshark group
Packets: 6 Packets dropped: 0
permission denied: dumpcap
Thank you for report. Fixed in wireshark-1.4.4. Stabilization will go in bug 354197.
Thanks, folks. Added to existing GLSA request.
This issue was resolved and addressed in
GLSA 201110-02 at http://security.gentoo.org/glsa/glsa-201110-02.xml
by GLSA coordinator Alex Legler (a3li).