Wireshark mailing list archives
Re: GSoC 2013 Project Proposal for Root permissions in wireshark
From: Gerald Combs <gerald () wireshark org>
Date: Mon, 29 Apr 2013 09:26:30 -0700
On 4/28/13 12:02 PM, Guy Harris wrote:
On Apr 28, 2013, at 7:43 AM, Surbhi Jain <jainsurbhi024 () gmail com> wrote:

When we install WIRESHARK or most software on any distro, a window pops up asking for the root password. When the installation of the software starts, can't we run a script which will allow the logged-in user or third-party user to view the listed interfaces of the system?

That's what happens with the OS X installer; it runs a script that adds a new access_bpf group to the system, makes the user a member of the group, and installs a StartupItem (run at boot time) to change the permissions of all the /dev/bpf* devices to rw-rw-r-- and the group owner of them to access_bpf (and runs that script) so that anybody in the access_bpf group can capture traffic without requiring root permissions.
One of the problems with this approach is that new, inaccessible bpf devices can be created at any time. For example, if you open all of the interfaces at the same time in order to draw pretty sparklines on the main screen and then try to open an interface for capture, the system will create a new bpf device with default permissions. It might make sense to handle this at run time (e.g. by running dumpcap via launchd) instead of at boot time.
For a given distribution, *if* the kernel supports capabilities, the installer for a given distribution could ensure that dumpcap has the right capabilities set, and can also make it not readable and executable except by the owner and some group; I think some distributions *might* do this already, but others might not. Whether that can be done, and how that's done, depends on the distribution - and whether, if we put it into *our* packaging for that distribution, the distribution won't just remove it, is another matter.
___________________________________________________________________________
Sent via: Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives: http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
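The gap described in this message, as an added example that is not part of the original post or of Wireshark's installer: a check that reads an `ls -l /dev/bpf*` style listing and reports BPF devices that a boot-time permission fix did not cover. The function names and the sample listing are constructed for illustration; the `access_bpf` group name comes from the thread.

```shell
#!/bin/sh
# Added example: flag BPF devices that a boot-time permission fix missed.
# Input:  `ls -l /dev/bpf*` style lines on stdin.
# Output: one device path per line for every device that is not usable
#         by the capture group.
BPF_GROUP="access_bpf"   # group name taken from the thread

unfixed_bpf_devices() {
    awk -v grp="$BPF_GROUP" '
        $1 ~ /^c/ {                      # character devices only
            mode = $1; group = $4; dev = $NF
            # Characters 5-6 of the mode string are the group r/w bits.
            if (group != grp || substr(mode, 5, 2) != "rw")
                print dev
        }'
}

# Constructed sample: bpf0-bpf2 were adjusted at boot; bpf3 was created
# later by the kernel and still has default ownership and mode.
sample_listing() {
    cat <<'EOF'
crw-rw-r--  1 root  access_bpf   23,   0 Apr 29 09:00 /dev/bpf0
crw-rw-r--  1 root  access_bpf   23,   1 Apr 29 09:00 /dev/bpf1
crw-rw-r--  1 root  access_bpf   23,   2 Apr 29 09:00 /dev/bpf2
crw-------  1 root  wheel        23,   3 Apr 29 09:26 /dev/bpf3
EOF
}

# On a live system the input would be: ls -l /dev/bpf* | unfixed_bpf_devices
sample_listing | unfixed_bpf_devices
```

Any device this reports is one that members of the capture group cannot open, which is the symptom a run-time fix would address.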