Home page logo

wireshark logo Wireshark mailing list archives

Re: Error while installing wireshark 1.10.3
From: Guy Harris <guy () alum mit edu>
Date: Wed, 11 Dec 2013 04:41:31 -0800

On Dec 6, 2013, at 6:41 AM, Sreejith M M <sreejith.mm () gmail com> wrote:

Looks like some problem with rpm creation.

The problem appears to be that the RPM was created with the dumpcap program having some file capabilities set, and was 
unpacked into an NFS-mounted directory, which means that the capability bits can't be set.

If the capability bits aren't set, either you'd have to run Wireshark/TShark as root, which would be an Extremely Bad 
Idea (as doc/README.packaging says:

        In versions up to and including 0.99.6, it was necessary to run
        Wireshark with elevated privileges in order to be able to capture
        traffic. With version 0.99.7, all function calls that require elevated
        privileges have been moved out of the GUI to dumpcap.

        THEM AS ROOT.

        Warnings are displayed when Wireshark and TShark are run as root.

so don't do it), or you'd have to make dumpcap set-UID root (as doc/README.packaging says:

        There are several configure-time options on non-Windows systems that
        affect the privileges a normal user needs to capture traffic and list
            --enable-setcap-install   Install dumpcap with cap_net_admin and
                                      cap_net_raw capabilities. Linux only.

            --enable-setuid-install   Install dumpcap setuid root.

            --with-libcap             If running as root, try to grab
                                      CAP_NET_ADMIN and CAP_NET_RAW, then drop
                                      privileges. Linux only.

            --with-dumpcap-group=...  Restricts dumpcap execution to the
                                      specified group.

--enable-setcap-install might produce an RPM that can't be properly installed over NFS, so you'd have to try 
--disable-setcap-install and --enable-setuid-install; if you do --enable-setuid-install on Linux, you should probably 
use --with-libcap, and possibly --with-dumpcap-group=, as well, picking a group to which the ability to run dumpcap, 
and thus to do captures when not running as root, should be granted).
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]