Wireshark-dev: Re: [Wireshark-dev] GSoC 2013 Project Proposal for Root permissions in wireshark
From: Guy Harris <guy@xxxxxxxxxxxx>
Date: Sun, 28 Apr 2013 12:02:56 -0700
On Apr 28, 2013, at 7:43 AM, Surbhi Jain <jainsurbhi024@xxxxxxxxx> wrote:

> When we install WIRESHARK or most software on any distro, a window pops up asking for the root password. When the installation of the software starts, can't we run a script which will allow the logged-in user or a third-party user to view the listed interfaces of the system?

That's what happens with the OS X installer; it runs a script that adds a new access_bpf group to the system, makes the user a member of the group, and installs a StartupItem (run at boot time) to change the permissions of all the /dev/bpf* devices to rw-rw-r-- and the group owner of them to access_bpf (and runs that script) so that anybody in the access_bpf group can capture traffic without requiring root permissions.

For a given distribution, *if* the kernel supports capabilities, the installer for a given distribution could ensure that dumpcap has the right capabilities set, and can also make it not readable and executable except by the owner and some group; I think some distributions *might* do this already, but others might not.

Whether that can be done, and how that's done, depends on the distribution - and whether, if we put it into *our* packaging for that distribution, the distribution won't just remove it, is another matter.
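
The Linux scheme described in this reply (file capabilities on dumpcap, with the binary readable and executable only by its owner and one group) can be audited with a script like the one below. It is an added example, not part of the original message or of Wireshark's packaging; the group name `wireshark`, the capability names `cap_net_raw` and `cap_net_admin`, and the use of GNU `stat` and libcap's `getcap` are assumptions.

```shell
#!/bin/sh
# Added example: audit the dumpcap permission scheme described in the message.
# Assumptions: group "wireshark", capabilities cap_net_raw and cap_net_admin,
# GNU stat (-c) and libcap's getcap are available for audit_dumpcap.

# check_dumpcap_policy MODE GROUP CAPS WANT_GROUP
# Pure check on already-collected values: prints one line per finding and
# returns the number of findings (0 means compliant).
check_dumpcap_policy() {
    mode=$1; group=$2; caps=$3; want_group=$4
    findings=0

    # The last octal digit holds the "other" bits; it must be 0 so that only
    # the owner and the capture group can read or execute the binary.
    other=${mode#"${mode%?}"}
    if [ "$other" != "0" ]; then
        echo "FAIL: mode $mode grants access to users outside the group"
        findings=$((findings + 1))
    fi

    if [ "$group" != "$want_group" ]; then
        echo "FAIL: group owner is '$group', expected '$want_group'"
        findings=$((findings + 1))
    fi

    # getcap prints "path = caps+eip" (older libcap) or "path caps=eip"
    # (newer libcap); matching on the capability name covers both.
    for cap in cap_net_raw cap_net_admin; do
        case $caps in
            *"$cap"*) ;;
            *) echo "FAIL: $cap is not set"
               findings=$((findings + 1)) ;;
        esac
    done
    return "$findings"
}

# audit_dumpcap PATH [GROUP]: collect the live values and run the check.
audit_dumpcap() {
    path=$1; want=${2:-wireshark}
    [ -f "$path" ] || { echo "FAIL: $path not found"; return 1; }
    check_dumpcap_policy "$(stat -c %a "$path")" "$(stat -c %G "$path")" \
        "$(getcap "$path" 2>/dev/null)" "$want"
}
```

Run `audit_dumpcap /path/to/dumpcap` on an installed system; the check matches capability names only and does not verify the effective/permitted flags.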