From 27477f1fac7e9845dad55670e178d588548ac1c1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bj=C3=B8rn=20Forsman?= Date: Sun, 20 Apr 2014 18:15:42 +0200 Subject: [PATCH] wireshark: build with libcap (POSIX capabilities) This makes running wireshark (or more specifically, dumpcap) as root a bit more secure. From /doc/README.packaging: The "--with-libcap" option is only useful when dumpcap is installed setuid. If it is enabled dumpcap will try to drop any setuid privileges it may have while retaining the CAP_NET_ADMIN and CAP_NET_RAW capabilities. It is enabled by default, if the Linux capabilities library (on which it depends) is found. --- pkgs/applications/networking/sniffers/wireshark/default.nix | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/pkgs/applications/networking/sniffers/wireshark/default.nix b/pkgs/applications/networking/sniffers/wireshark/default.nix index 256681ec54e..37a75e437ad 100644 --- a/pkgs/applications/networking/sniffers/wireshark/default.nix +++ b/pkgs/applications/networking/sniffers/wireshark/default.nix @@ -1,5 +1,6 @@ { stdenv, fetchurl, pkgconfig, perl, flex, bison, libpcap, libnl, c-ares , gnutls, libgcrypt, geoip, heimdal, lua5, gtk, makeDesktopItem, python +, libcap }: let version = "1.11.2"; in @@ -14,7 +15,7 @@ stdenv.mkDerivation { buildInputs = [ bison flex perl pkgconfig libpcap lua5 heimdal libgcrypt gnutls - geoip libnl c-ares gtk python + geoip libnl c-ares gtk python libcap ]; preConfigure = ''