
Bug#1031646: wireshark: Confusing/conflicting advice for novice users during installation


NeatNit

Feb 19, 2023, 1:50:05 PM
Package: wireshark
Version: 3.6.2-2
Severity: minor

Dear Maintainer,

When installing Wireshark, the instructions for whether to enable the wireshark system group are as follows:

Dumpcap can be installed in a way that allows members of the "wireshark"
system group to capture packets. This is recommended over the alternative of
running Wireshark/Tshark directly as root, because less of the code will run
with elevated privileges.

For more detailed information please see /usr/share/doc/wireshark-common/README.Debian.gz
once the package is installed.

Enabling this feature may be a security risk, so it is disabled by default.
If in doubt, it is suggested to leave it disabled.

(source: https://salsa.debian.org/debian/wireshark/-/blob/debian/master/debian/po/templates.pot )

The first paragraph says "This is recommended over the alternative", while the last says "it is suggested to leave it disabled" -- making it unclear to me (a relatively novice user) which option to choose! Better instructions would help immensely - for example, those taken directly from the README.Debian file:

[Enabling the option] is the preferred way of installation if Wireshark/Tshark
will be used for capturing and displaying packets at the same time, since
that way only the dumpcap process has to be run with elevated privileges
thanks to the privilege separation.

( https://salsa.debian.org/debian/wireshark/-/blob/debian/master/debian/README.Debian )

The above paragraph clarifies the use cases under which this option is recommended to be enabled. Putting this information directly in front of the user BEFORE they have to make this decision - not just in a readme that can be read after the fact - will make much more sense.

I am sure every intention was to make this clear to the user during installation, but alas, the way it is now is not doing that :)

I am not sure whether this is a debian issue or an upstream issue - it's clearly in the debian subdirectory, but the same directory exists upstream (relocated to packaging/debian 1 year ago)

https://gitlab.com/wireshark/wireshark/-/tree/master/packaging/debian

All the best,

Nitai


-- System Information:
Debian Release: bookworm/sid
APT prefers jammy-updates
APT policy: (500, 'jammy-updates'), (500, 'jammy-security'), (500, 'jammy'), (100, 'jammy-backports')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 5.15.0-60-generic (SMP w/8 CPU threads)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=en_IL, LC_CTYPE=en_IL (charmap=UTF-8), LANGUAGE=en_IL:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages wireshark depends on:
ii wireshark-qt 3.6.2-2

wireshark recommends no packages.

wireshark suggests no packages.

-- no debconf information

Bálint Réczey

Mar 26, 2023, 5:20:04 PM
Control: tags -1 moreinfo
Control: outlook -1 0 The text is likely clear enough and is not
likely to change

Hi Nitai,

NeatNit <nea...@gmail.com> wrote (on Sun, Feb 19, 2023, 19:45):
>
> Package: wireshark
> Version: 3.6.2-2
> Severity: minor
>
> Dear Maintainer,
>
> When installing Wireshark, the instructions for whether to enable the wireshark system group are as follows:
>
> Dumpcap can be installed in a way that allows members of the "wireshark"
> system group to capture packets. This is recommended over the alternative of
> running Wireshark/Tshark directly as root, because less of the code will run
> with elevated privileges.
>
> For more detailed information please see /usr/share/doc/wireshark-common/README.Debian.gz
> once the package is installed.
>
> Enabling this feature may be a security risk, so it is disabled by default.
> If in doubt, it is suggested to leave it disabled.
>
> (source: https://salsa.debian.org/debian/wireshark/-/blob/debian/master/debian/po/templates.pot )
>
> The first paragraph says "This is recommended over the alternative", while the last says "it is suggested to leave it disabled" -- making it unclear to me (a relatively novice user) which option to choose! Better instructions would help immensely - for example, those taken directly from the README.Debian file:
>
> [Enabling the option] is the preferred way of installation if Wireshark/Tshark
> will be used for capturing and displaying packets at the same time, since
> that way only the dumpcap process has to be run with elevated privileges
> thanks to the privilege separation.
>
> ( https://salsa.debian.org/debian/wireshark/-/blob/debian/master/debian/README.Debian )
>
> The above paragraph clarifies the use cases under which this option is recommended to be enabled. Putting this information directly in front of the user BEFORE they have to make this decision - not just in a readme that can be read after the fact - will make much more sense.
>
> I am sure every intention was to make this clear to the user during installation, but alas, the way it is now is not doing that :)

I may not be a good judge because I'm not a novice in this field, but
I think the instructions are very clear.
Also please note the top of
https://salsa.debian.org/debian/wireshark/-/blob/debian/master/debian/templates
:

# These templates have been reviewed by the debian-l10n-english
# team
#
# If modifications/additions/rewording are needed, please ask
# debian-l1...@lists.debian.org for advice.
#
# Even minor modifications require translation updates and such
# changes should be coordinated with translators and reviewers.

If you have clarification proposals, please discuss those there.

I'll keep this bug open for a while to collect more opinions or
possibly a follow-up from the discussion at debian-l10n-english.

> I am not sure whether this is a debian issue or an upstream issue - it's clearly in the debian subdirectory, but the same directory exists upstream (relocated to packaging/debian 1 year ago)
>
> https://gitlab.com/wireshark/wireshark/-/tree/master/packaging/debian

Don't worry, Debian is the right place for discussing changes to the text first.

Cheers,
Balint
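
The installer question discussed in this thread decides who may run dumpcap with elevated privileges. The following added example (not part of the thread or of the Debian package) reports the result of that choice on an installed system. It assumes dumpcap lives at /usr/bin/dumpcap and that elevation is granted either by a setuid-root bit or by file capabilities; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: report who can capture packets through dumpcap.
# Assumption: default path below; override with DUMPCAP=/path/to/dumpcap.
DUMPCAP="${DUMPCAP:-/usr/bin/dumpcap}"

# classify_dumpcap OWNER GROUP MODE CAPS
#   MODE is octal as printed by `stat -c %a` (e.g. 754 or 4754).
#   CAPS is the output of `getcap` for the file (may be empty).
classify_dumpcap() {
    owner=$1; group=$2; mode=$3; caps=$4
    elevated=no
    # A four-digit mode whose first digit has the 4 bit set means setuid.
    case "$mode" in
        [4567]???) if [ "$owner" = root ]; then elevated=setuid; fi ;;
    esac
    # Capture-related file capabilities also count as elevation.
    case "$caps" in
        *cap_net_raw*|*cap_net_admin*) elevated=caps ;;
    esac
    # An odd last octal digit means "other" users may execute the file.
    other=${mode#"${mode%?}"}
    case "$other" in
        1|3|5|7) world_exec=yes ;;
        *) world_exec=no ;;
    esac
    if [ "$elevated" = no ]; then
        echo "unprivileged: capture needs root"
    elif [ "$world_exec" = yes ]; then
        echo "elevated ($elevated) and world-executable: any local user can capture"
    else
        echo "elevated ($elevated), restricted to group $group"
    fi
}

# Inspect the installed binary and list the members of its owning group.
audit_dumpcap() {
    [ -e "$DUMPCAP" ] || { echo "dumpcap not found at $DUMPCAP"; return 1; }
    set -- $(stat -c '%U %G %a' "$DUMPCAP")
    caps=$(getcap "$DUMPCAP" 2>/dev/null)
    classify_dumpcap "$1" "$2" "$3" "$caps"
    echo "members of $2: $(getent group "$2" | cut -d: -f4)"
}

audit_dumpcap || true
```

Every account listed as a group member can capture traffic on the host, so the membership line is the part to review after enabling the option.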