nixpkgs/pkgs/applications/networking
Bjørn Forsman a70197a653 wireshark: add patch to lookup "dumpcap" in PATH
What this allows us to do is define a "dumpcap" setuid wrapper in NixOS
and have wireshark use that instead of the non-setuid dumpcap binary
that it normally uses.

As far as I can tell, the code that is changed to do lookup in PATH is
only used by wireshark/tshark to find dumpcap. dumpcap, the thing that's
typically setuid, is not affected by this patch. wireshark and tshark
should *not* be installed setuid, so the fact that they now do lookup in
PATH is not a security concern.

With this commit, and the following config, only "root" and users in the
"wireshark" group will have access to capturing network traffic with
wireshark/dumpcap:

  environment.systemPackages = [ pkgs.wireshark ];
  security.setuidOwners = [
    { program = "dumpcap";
      owner = "root";
      group = "wireshark";
      setuid = true;
      setgid = false;
      permissions = "u+rx,g+x";
    }
  ];
  users.extraGroups.wireshark.gid = 500;

(This wouldn't have worked before, because then wireshark would not use
our setuid dumpcap binary.)
2014-04-22 21:33:11 +02:00
..
bittorrentsync btsync: 1.3.77 -> 1.3.87 2014-04-16 18:56:22 -05:00
browsers firefox: Update to 28.0 2014-04-22 14:45:27 +02:00
cluster Make my packages slightly more consistent. 2014-03-07 20:27:02 -06:00
davmail Minor whitespace cleanup 2014-02-20 23:12:54 +01:00
dropbox Update dropbox daemon 2014-01-15 20:37:13 -05:00
dropbox-cli Update dropbox.py hash 2014-01-15 20:09:05 -05:00
esniper esniper: update to version 2.29.0 2014-04-02 17:44:10 +02:00
feedreaders/newsbeuter newsbeuter: bump development version to latest master 2014-03-13 17:01:58 -04:00
ftp/filezilla filezilla: use default gnutls instead of vulnerable gnutls2 2014-03-05 14:23:05 +01:00
ids Some description fixes 2013-10-05 19:36:23 +02:00
instant-messengers sflphone: find gsettings schemas 2014-04-13 23:50:21 +02:00
iptraf iptraf: update to 3.0.1 2013-07-09 19:38:55 +02:00
irc adding development version of weechat (alongside stable) 2014-04-17 22:22:54 +01:00
jmeter jmeter: update to 2.10 2013-11-23 15:06:07 +01:00
mailreaders add thunderbird-bin: the binary package for Thunderbird mail client 2014-04-13 00:29:14 +09:00
msmtp msmtp: 1.4.30 -> 1.4.31 2013-07-19 00:53:06 +02:00
mumble murmur: Upgrade 1.2.4 -> 1.2.5 2014-02-07 21:29:38 -06:00
netperf
newsreaders liferea: bugfix update 2014-04-22 13:22:14 +02:00
notbit notbit: Add Package 2014-03-12 11:28:16 -05:00
offrss
p2p transmission-remote-gtk: fix gsettings schemas 2014-04-17 13:42:51 +02:00
pjsip Updating pjsip to 2.1 2013-06-29 15:14:02 +02:00
remote teamviewer: fix brokenness after updates / GC 2014-04-06 00:23:59 +02:00
seafile-client Set meta.platforms attribute to platforms.linux for Seafile packages and their prerequisites 2014-02-28 17:24:43 +01:00
siproxd Updating siproxd to 0.8.1, and libosip. 2013-06-29 15:14:02 +02:00
sniffers wireshark: add patch to lookup "dumpcap" in PATH 2014-04-22 21:33:11 +02:00
sync rsync updated 3.0.9 to 3.1.0, rsyncd service module 2014-04-13 23:25:28 -04:00
syncthing syncthing: new package and nixos module 2014-04-04 10:46:29 +02:00
umurmur Updating umurmur to 0.2.13 2013-06-21 12:16:15 +02:00
vnstat
yafc yafc: update to 1.3.2 2014-03-30 18:32:14 +02:00
znc znc: Update from 1.0 -> 1.2 2014-02-15 12:31:04 +01:00