Home page logo
/

wireshark logo Wireshark mailing list archives

Re: GSoC 2013 Project Proposal for Root permissions in wireshark
From: Gerald Combs <gerald () wireshark org>
Date: Mon, 29 Apr 2013 09:26:30 -0700

On 4/28/13 12:02 PM, Guy Harris wrote:

On Apr 28, 2013, at 7:43 AM, Surbhi Jain <jainsurbhi024 () gmail com> wrote:

When we install WIRESHARK or most of the softwares on any distro, window prompts up asking for root password. When 
the installation of the software starts, can't we run a script which will allow the logged in user or third-party 
user to view the listed interfaces of the system.

That's what happens with the OS X installer; it runs a script that adds a new access_bpf group to the system, makes 
the user a member of the group, and installs a StartupItem (run at boot time) to change the permissions of all the 
/dev/bpf* devices to rw-rw-r-- and the group owner of them to access_bpf (and runs that script) so that anybody in 
the access_bpf group can capture traffic without requiring root permissions.

One of the problems with this approach is that new, inaccessbile bpf
devices can be created at any time. For example if you open all of the
interfaces at the same time in order to draw pretty sparklines on the
main screen and then try to open an interface for capture the system
will create a new bpf device with default permissions. It might make
sense to handle this at run time (e.g. by running dumpcap via launchd)
instead of at boot time.


For a given distribution, *if* the kernel supports capabilities, the installer for a given distribution could ensure 
that dumpcap has the right capabilities set, and can also make it not readable and executable except by the owner and 
some group; I think some distributions *might* do this already, but others might not.

Whether that can be done, and how that's done, depends on the distribution - and whether, if we put it into *our* 
packaging for that distribution, the distribution won't just remove it, is another matter.
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe


___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault