Wireshark mailing list archives

Re: [Wireshark-commits] rev 50560: /trunk/ /trunk/packaging/macosx/Resources/bin/: wireshark /trunk/packaging/macosx/: osx-app.sh /trunk/: configure.ac


From: Guy Harris <guy () alum mit edu>
Date: Mon, 29 Jul 2013 03:06:11 -0700


On Jul 29, 2013, at 2:13 AM, Stig Bjørlykke <stig () bjorlykke org> wrote:

> I get this warning when running dumpcap from /opt/local/bin, which
> makes dumpcap unusable for wireshark:
>
> dyld: warning, LC_RPATH @executable_path/../lib in
> /opt/local/bin/dumpcap being ignored in restricted program because of
> @executable_path

From looking at the Mountain Lion dyld source, "restricted program" includes "set-UID or set-GID program"; there's 
also a code-signing op for the csops() system call to set a "restricted" flag for the process, but I'm not sure what 
causes that to happen.

I think a "restricted program" will also not have the library search process affected by the DYLD_ environment 
variables; in both cases, this is A Feature, intended to keep you from fooling set-UID/set-GID programs into looking in 
places *you* control for their shared libraries.

This means that if dumpcap is to be set-UID or set-GID, it had better have the final location of the GLib libraries and 
libwsutil wired into it as absolute paths, so that those libraries can't move.

One solution to this is not to have dumpcap be set-UID or set-GID on OS X.  It's not that way by default; instead, the 
ChmodBPF startup item is installed and run to make the BPF devices readable and writable by the access_bpf group, and 
the user who installs Wireshark is put into that group.
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
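
Added example, not part of the original message or the Wireshark source: a static check for the requirement described in the message above, listing Mach-O load commands whose rpath or library name is not an absolute path when the file is set-UID or set-GID. It assumes a thin little-endian 64-bit Mach-O; the function names and the sample bytes (including the libwsutil file name) are constructed for illustration.

```python
import stat
import struct

MH_MAGIC_64 = 0xFEEDFACF
LC_LOAD_DYLIB = 0x0C
LC_LOAD_WEAK_DYLIB = 0x80000018
LC_REEXPORT_DYLIB = 0x8000001F
LC_RPATH = 0x8000001C
DYLIB_CMDS = {LC_LOAD_DYLIB, LC_LOAD_WEAK_DYLIB, LC_REEXPORT_DYLIB}

def relocatable_paths(macho):
    """Return [(kind, path)] for every rpath or dylib name that is not absolute."""
    magic, _, _, _, ncmds, _, _, _ = struct.unpack_from("<8I", macho, 0)
    if magic != MH_MAGIC_64:
        raise ValueError("expected a thin little-endian 64-bit Mach-O")
    findings, off = [], 32  # load commands follow the 32-byte mach_header_64
    for _ in range(ncmds):
        cmd, cmdsize = struct.unpack_from("<2I", macho, off)
        if cmd == LC_RPATH or cmd in DYLIB_CMDS:
            # rpath_command and dylib_command both keep the string offset
            # (relative to the start of the command) right after cmd/cmdsize.
            (str_off,) = struct.unpack_from("<I", macho, off + 8)
            start = off + str_off
            path = macho[start:macho.index(b"\0", start)].decode()
            if not path.startswith("/"):
                findings.append(("LC_RPATH" if cmd == LC_RPATH else "dylib", path))
        off += cmdsize
    return findings

def audit(macho, mode):
    """Only set-UID/set-GID files are treated as restricted in this sketch."""
    if mode & (stat.S_ISUID | stat.S_ISGID):
        return relocatable_paths(macho)
    return []

def _lc(cmd, str_off, path):
    """Build one load command (helper for the constructed sample only)."""
    body = path.encode() + b"\0"
    size = (str_off + len(body) + 7) & ~7
    head = struct.pack("<3I", cmd, size, str_off).ljust(str_off, b"\0")
    return head + body.ljust(size - str_off, b"\0")

def sample_macho():
    """Constructed sample: header plus three load commands, no segments."""
    cmds = [_lc(LC_LOAD_DYLIB, 24, "/usr/lib/libSystem.B.dylib"),
            _lc(LC_LOAD_DYLIB, 24, "@rpath/libwsutil.0.dylib"),
            _lc(LC_RPATH, 12, "@executable_path/../lib")]
    blob = b"".join(cmds)
    return struct.pack("<8I", MH_MAGIC_64, 0x01000007, 3, 2, len(cmds), len(blob), 0, 0) + blob
```

On a real file, pass the file's bytes and `os.stat(path).st_mode`; the code-signing "restricted" flag mentioned in the message is not covered by this check.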

