Wireshark-bugs: [Wireshark-bugs] [Bug 10735] wireshark fails to start when run with setuid/setgi
Date: Mon, 01 Dec 2014 21:50:20 +0000

changed bug 10735


What Removed Added
CC   jeff.morriss.ws@gmail.com

Comment # 8 on bug 10735 from
(In reply to Stephen Fisher from comment #4)
> (In reply to yuri from comment #3)
> > Thanks, I didn't think of dumpcap first.
> > 
> > On BSD, adding this line to /etc/devfs.rules:
> > add path 'bpf*' mode 0660 group network
> > 
> > and placing /usr/local/bin/dumpcap into network and 'setgid' it seems more
> > generic solution?
> 
> Yes.  There are a couple of configure script options you may want to look at:
> 
> --with-dumpcap=GROUP     restrict dumpcap to GROUP
> --enable-setuid-install  install dumpcap as setuid [default=no]
> 
> But there isn't an option to dumpcap as setgid at this time.

Wouldn't it make more sense to not make dumpcap setgid but rather put users who
are allowed to use it in the 'network' group? (Or to do like the Linux distros
do and create a 'wireshark' group and make the bpf devices readable by members
of that group?)  That way the admin can still control who can run dumpcap.

dumpcap has the setuid option for systems which don't have capabilities (or bpf
permissions) which allow dumpcap to run without elevated privileges.


You are receiving this mail because:
  • You are watching all bug changes.