Home page logo
/

wireshark logo Wireshark mailing list archives

Re: GSoC 2013 Project Proposal for Root permissions in wireshark
From: Guy Harris <guy () alum mit edu>
Date: Sun, 28 Apr 2013 12:02:56 -0700


On Apr 28, 2013, at 7:43 AM, Surbhi Jain <jainsurbhi024 () gmail com> wrote:

When we install WIRESHARK or most of the softwares on any distro, window prompts up asking for root password. When 
the installation of the software starts, can't we run a script which will allow the logged in user or third-party 
user to view the listed interfaces of the system.

That's what happens with the OS X installer; it runs a script that adds a new access_bpf group to the system, makes the 
user a member of the group, and installs a StartupItem (run at boot time) to change the permissions of all the 
/dev/bpf* devices to rw-rw-r-- and the group owner of them to access_bpf (and runs that script) so that anybody in the 
access_bpf group can capture traffic without requiring root permissions.

For a given distribution, *if* the kernel supports capabilities, the installer for a given distribution could ensure 
that dumpcap has the right capabilities set, and can also make it not readable and executable except by the owner and 
some group; I think some distributions *might* do this already, but others might not.

Whether that can be done, and how that's done, depends on the distribution - and whether, if we put it into *our* 
packaging for that distribution, the distribution won't just remove it, is another matter.
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault