Wireshark-bugs: [Wireshark-bugs] [Bug 1741] Privilege separation patch

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: bugzilla-daemon@xxxxxxxxxxxxx
Date: Mon, 13 Aug 2007 23:43:09 +0000 (GMT)
http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1741





------- Comment #4 from luis.ontanon@xxxxxxxxx  2007-08-13 23:43 GMT -------
Looks fine to me.
Just one thing:

  --enable-setuid defaults to YES, It should default to NO, installing any
program as setuid must be an explicit choice of the system administrator.

  A  script that uses the automake settings (like the one below, but tested) 
should be installed to allow root to set it and unset it.

#!/usr/bin/perl -S

$< == 0 or die "only root can run this script";

$command = shift;
$command =~ tr/A-Z/a-z/;


if ($command == "enable") {
  system("chmod ug+s @BIN_PREFIX@/@wireshark_bin@") if
length("@wireshark_bin@");
  system("chmod ug+s @BIN_PREFIX@/@tshark_bin@") if length("@tshark_bin@");
  system("chmod ug+s @BIN_PREFIX@/@dumpcap_bin@") if length("@ddumpcap_bin@");
  exit 0;
} 

if ($command == "disable"){
  system("chmod ug+s @BIN_PREFIX@/@wireshark_bin@") if
length("@wireshark_bin@");
  system("chmod ug+s @BIN_PREFIX@/@tshark_bin@") if length("@tshark_bin@");
  system("chmod ug+s @BIN_PREFIX@/@dumpcap_bin@") if length("@ddumpcap_bin@");
  exit(0);
}

die "usage scriptname {enable|disable}";


-- 
Configure bugmail: http://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.