From: balint@balintreczey.hu
Hi All,
Josh Triplett wrote (on Mon, Oct 6, 2025, 17:34):
>
> On Mon, Oct 06, 2025 at 05:15:47PM +0200, Bastian Blank wrote:
> > On Mon, Oct 06, 2025 at 05:01:39PM +0200, Bálint Réczey wrote:
> > > > From my view: it needs to employ the "can ptrace" check for any
> > > > monitored process.
> > > I think that would also be against the monitoring's usefulness. Not
> > > ptrace-able processes can cause issues to be triaged, too.
> >
> > In that case you need to go through the normal elevation rules. So
> > either sudo or packagekit.
>
> I think you may mean PolicyKit? But yes, ideally this would use
> PolicyKit rather than a group-limited setuid/setcap binary.
>
> In the absence of that, the group at least needs to be documented as
> root-equivalent, since systemwide monitoring of syscalls on privileged
> processes almost certainly is.
Thank you for all the input.
I've switched upstream to use the "_scap" group name as Guillem
suggested and also proposed using polkit:
https://gitlab.com/wireshark/wireshark/-/issues/20805
Cheers,
Balint