Wireshark mailing list archives

Re: MacOSX installation and /dev/bpf permissions


From: Guy Harris <guy () alum mit edu>
Date: Sun, 13 Feb 2011 12:26:39 -0800


On Feb 13, 2011, at 10:57 AM, Ray Wilson wrote:

Sudo works too. Changing the device file is awkward. Cheers.

If by "sudo works too" you mean "running Wireshark as root works too", well, having a program of over two million lines run as root could be awkward, too, if a bug causes it to do something it shouldn't:

        http://anonsvn.wireshark.org/wireshark/trunk/doc/README.packaging

"WIRESHARK CONTAINS OVER TWO MILLION LINES OF SOURCE CODE. DO NOT RUN
THEM AS ROOT."

The right ways to handle this are either to

        1) make dumpcap set-UID root

or

        2) use the ChmodBPF startup item (which is on the install dmg, but can't be drag-installed for various obscure reasons)

both of which may be awkward, but you only have to do them once.

Perhaps it's time to bite the bullet and use a regular installer package; yeah, it goes against the Religion Of Drag-Installs on OS X, but Wireshark has special requirements (i.e., it needs to somehow arrange that it have the privileges needed to capture traffic), and an installer package might be simpler overall.
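
A way to check which of the arrangements discussed in the message above is in effect on a host, as an added example that is not part of the original post or of Wireshark. The function names and result labels are hypothetical, and the dumpcap path and BPF device node are supplied by the caller.

```shell
#!/bin/sh
# Added example: report how packet-capture privilege is granted on a host.
# Function names and result labels are hypothetical; the dumpcap path and
# the BPF device node are supplied by the caller.

# Print the numeric owner of FILE if its set-UID bit is set, else nothing.
setuid_owner() {
    [ -u "$1" ] || return 0
    ls -lnL "$1" | awk '{ print $3 }'
}

# Classify who besides the owner may read a BPF device node:
# "world", "group", or "owner-only".
bpf_access() {
    perms=$(ls -lnL "$1" | awk '{ print $1 }')
    group_r=$(printf '%s' "$perms" | cut -c5)
    other_r=$(printf '%s' "$perms" | cut -c8)
    if [ "$other_r" = "r" ]; then
        echo world
    elif [ "$group_r" = "r" ]; then
        echo group
    else
        echo owner-only
    fi
}

# Decide which arrangement applies for DUMPCAP and BPF_NODE.
capture_setup() {
    if [ "$(setuid_owner "$1")" = "0" ]; then
        echo setuid-dumpcap     # option 1: only dumpcap runs with privilege
    else
        case "$(bpf_access "$2")" in
            group) echo bpf-group ;;      # option 2: device opened to a group
            world) echo bpf-world ;;      # any local user can capture: too broad
            *)     echo root-required ;;  # capture would need the whole GUI as root
        esac
    fi
}

# Run as: sh check.sh /path/to/dumpcap /dev/bpf0
if [ "$#" -eq 2 ]; then
    capture_setup "$1" "$2"
fi
```

A result of `root-required` means neither of the two options from the message is set up, so capturing would only work by running the whole program as root.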

