Wireshark-dev: Re: [Wireshark-dev] [Wireshark-commits] rev 50560: /trunk/ /trunk/packaging/maco
Date Index · Thread Index · Other Months · All Mailing Lists
Date Prev · Date Next · Thread Prev · Thread Next
From: Guy Harris <guy@xxxxxxxxxxxx>
Date: Mon, 29 Jul 2013 03:06:11 -0700
On Jul 29, 2013, at 2:13 AM, Stig Bjørlykke <stig@xxxxxxxxxxxxx> wrote:

> I get this warning when running dumpcap from /opt/local/bin, which
> makes dumpcap unusable for wireshark:
> 

> dyld: warning, LC_RPATH @executable_path/../lib in
> /opt/local/bin/dumpcap being ignored in restricted program because of
> @executable_path

From looking at the Mountain Lion dyld source, "restricted program" includes "set-UID or set-GID program"; there's also a code-signing op for the csops() system call to set a "restricted" flag for the process, but I'm not sure what causes that to happen.

I think a "restricted program" will also not have the library search process affected by the DYLD_ environment variables; in both cases, this is A Feature, intended to keep you from fooling set-UID/set-GID programs into looking in places *you* control for their shared libraries.

This means that if dumpcap is to be set-UID or set-GID, it had better have the final location of the GLib libraries and libwsutil wired into it as absolute paths, so that those libraries can't move.

One solution to this is not to have dumpcap be set-UID or set-GID on OS X.  It's not that way by default; instead, the ChmodBPF startup item is installed and run to make the BPF devices readable and writable by the access_bpf group, and the user who installs Wireshark is put into that group.