tcpdump mailing list archives
Re: Privileges on Mac
From: Guy Harris <guy () alum mit edu>
Date: Tue, 7 Apr 2009 12:52:00 -0700
On Apr 1, 2009, at 1:42 AM, Tobias Weber wrote:
On 01.04.2009, at 00:47, Guy Harris wrote:
A set-UID program that does what privileged stuff it needs to do (opening a pcap_t,
(what I've seen is using libpcap in the helper tool only and remote controlling that from the GUI)
Exactly - like dumpcap.
A pcap_t is too complex to pass from privileged to unprivileged code. It's easy with a file descriptor, so it would be nice if libpcap could use one to make a pcap_t.
That's insufficient to provide the full capabilities of libpcap to non-privileged users on all platforms. On Linux, for example, you also need privileges to enumerate network adapters. The program would need to perform other operations - possibly including cleaning up monitor mode when closing the device.
Wireshark already does that, for separation-of-privileges reasons and for other reasons.
(it still requires changing permissions on the device for OS X)
At least with a reasonably recent top-of-SVN-tree build, making dumpcap set-UID root appeared to work, even with BPF devices to which I don't have access.
- This is the tcpdump-workers list. Visit https://cod.sandelman.ca/ to unsubscribe.