On Apr 1, 2009, at 1:42 AM, Tobias Weber wrote:
On 01.04.2009, at 00:47, Guy Harris wrote:
A set-UID program that does what privileged stuff it needs to do
(opening a pcap_t,
(what I've seen is using libpcap in the helper tool only and remote
controlling that from the GUI)
Exactly - like dumpcap.
A pcap_t is too complex to pass from privileged to unpriviledged
code. It's easy with a file descriptor, so it would be nice if
libpcap could use one to make a pcap_t.
That's insufficient to provide the full capabilities of libpcap to non-
privileged users on all platforms. On Linux, for example, you also
need privileges to enumerate network adapters. The program would need
to perform other operations - possibly including cleaning up monitor
mode when closing the device.
Wireshark already does that, for separation-of-privileges reasons
and for other reasons.
(it still requires changing permissions on the device for OS X)
At least with a reasonably recent top-of-SVN-tree build, making
dumpcap set-UID root appeared to work, even with BPF devices to which
I don't have access.
-
This is the tcpdump-workers list.
Visit https://cod.sandelman.ca/ to unsubscribe.