Wireshark-dev: Re: [Wireshark-dev] Wireshark on Kali linux

From: Guy Harris <guy@xxxxxxxxxxxx>
Date: Tue, 5 Feb 2019 14:21:23 -0800
On Feb 5, 2019, at 2:08 PM, Dario Lombardo <lomato@xxxxxxxxx> wrote:

> Yes. Kali Linux is a very popular distribution for pentesting. Most of the software it ships requires root privileges, hence they just use root.

OK, so at least they're not doing something stupid such as specifically running Wireshark as root in order to get capture privileges rather than running everything as root, given that running dumpcap as root would suffice in that case.

> It is basically a live distro run from CD/USB or in a VM. Usually it's not installed on the hard drive and when a new version is available it is just replaced by the new one. The Kali community keeps the software up to date to the best of their ability, so there is no need to update the packages. The last version I found ships Wireshark as packaged by Balint, v2.6.3.
> 
> Random thoughts:
> 1) the solution proposed in the post looks like patching wireshark due to a bug of it.

"It" being Wireshark?

The solution proposed in the patch is not to load console.lua.  If that change is a bug fix, presumably that means we shouldn't be loading (or shipping) console.lua.

Should we be doing so, or not?

Or is the bug that we disable dofile() etc. even on systems where everything runs as root, in which case we should offer a configuration option "package for systems that run everything as root" and, if that option is enabled, remove the special "if super-user" checks from init.lua?

> 3) Kali is a Debian derivative shipping Balint's package. That means that the solution can be in the software itself (I don't like it very much) or in the packaging system we control directly (much better, IMHO).

This would mean that they'd have to build Wireshark differently from the default way it's built, using the "package for systems that run everything as root" option.  That means a standard Debian package, built to run on a system where you *don't* run everything as root, so that you can leave the safety checks in place, won't be appropriate for Kali.
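As an added illustration of the "if super-user" guard and the packaging option discussed above (this is example code, not Wireshark's actual init.lua and not from anyone in this thread), the snippet below disables the file-loading primitives when the process is privileged unless the build was explicitly packaged for an all-root system. The names running_superuser, allow_scripts_when_superuser and apply_superuser_guard are assumptions chosen for the example; the stub for running_superuser only exists so it runs under a plain lua interpreter.

```lua
-- Hypothetical start-up file illustrating a super-user guard for Lua
-- script loading, plus an opt-out for distributions that run everything
-- as root. Not Wireshark's real init.lua; all names are assumptions.

-- Assumption: the embedding application provides running_superuser() as a
-- boolean. Stubbed here so the file runs stand-alone (defaults to false).
running_superuser = running_superuser or function() return false end

-- Assumption: the packaging step sets this global before this file is
-- loaded, i.e. the "package for systems that run everything as root" option.
allow_scripts_when_superuser = allow_scripts_when_superuser or false

-- Replacement for a disabled primitive: fails loudly instead of silently
-- loading code into a privileged process.
local function disabled(name)
  return function()
    error(name .. "() is disabled when running as the super-user", 2)
  end
end

-- Applies the guard and returns true if the primitives were replaced.
local function apply_superuser_guard(is_superuser, opt_out)
  if is_superuser and not opt_out then
    dofile   = disabled("dofile")
    loadfile = disabled("loadfile")
    load     = disabled("load")
    require  = disabled("require")
    return true
  end
  return false
end

-- Default build on a privileged process: guard is applied, so loading
-- console.lua (or any other script file) is refused.
local applied = apply_superuser_guard(true, false)
local ok, err = pcall(dofile, "console.lua")
print("default build as root: guard applied =", applied,
      "dofile ok =", ok, "error =", err)

-- Build packaged for an all-root system: guard is skipped and the real
-- dofile stays in place (here it simply reports that console.lua is absent).
local real_dofile = dofile
applied = apply_superuser_guard(running_superuser(), true)
print("all-root package: guard applied =", applied,
      "dofile unchanged =", dofile == real_dofile)
```

The point of the first print is that, under the default build, a root process never reaches the file system through dofile() at all; the second shows that the opt-out must be a deliberate packaging decision, which is exactly why a stock Debian package built with the guard in place is not interchangeable with one built for Kali.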