On 4/28/13 12:02 PM, Guy Harris wrote:
> 
> On Apr 28, 2013, at 7:43 AM, Surbhi Jain <jainsurbhi...@gmail.com> wrote:
> 
>> When we install WIRESHARK or most software on any distro, window 
>> prompts up asking for root password. When the installation of the software 
>> starts, can't we run a script which will allow the logged in user or 
>> third-party user to view the listed interfaces of the system.
> 
> That's what happens with the OS X installer; it runs a script that adds a new 
> access_bpf group to the system, makes the user a member of the group, and 
> installs a StartupItem (run at boot time) to change the permissions of all 
> the /dev/bpf* devices to rw-rw-r-- and the group owner of them to access_bpf 
> (and runs that script) so that anybody in the access_bpf group can capture 
> traffic without requiring root permissions.

One of the problems with this approach is that new, inaccessible bpf
devices can be created at any time. For example if you open all of the
interfaces at the same time in order to draw pretty sparklines on the
main screen and then try to open an interface for capture the system
will create a new bpf device with default permissions. It might make
sense to handle this at run time (e.g. by running dumpcap via launchd)
instead of at boot time.


> For a given distribution, *if* the kernel supports capabilities, the 
> installer for a given distribution could ensure that dumpcap has the right 
> capabilities set, and can also make it not readable and executable except by 
> the owner and some group; I think some distributions *might* do this already, 
> but others might not.
> 
> Whether that can be done, and how that's done, depends on the distribution - 
> and whether, if we put it into *our* packaging for that distribution, the 
> distribution won't just remove it, is another matter.
> ___________________________________________________________________________
> Sent via:    Wireshark-dev mailing list <wireshark-dev@wireshark.org>
> Archives:    http://www.wireshark.org/lists/wireshark-dev
> Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
>              mailto:wireshark-dev-requ...@wireshark.org?subject=unsubscribe
> 
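
An added example, not part of the original messages or of Wireshark's installer: a check for the drift described above, where a bpf device created after boot no longer has the group and mode the boot-time script applied. The function names, the `live` argument and the sample lines are assumptions made for illustration; the expected mode and group are the ones stated in the thread.

```shell
#!/bin/sh
# Flag BPF devices whose mode or group differ from what the installer's
# boot-time script is described as setting.
# Input lines: "<mode> <group> <path>", e.g. from BSD stat on OS X:
#   stat -f '%Sp %Sg %N' /dev/bpf*
EXPECTED_MODE="crw-rw-r--"     # character device, rw-rw-r-- (from the thread)
EXPECTED_GROUP="access_bpf"    # group name (from the thread)

# audit_bpf (hypothetical name): read stat lines on stdin, print one DRIFT
# line per nonconforming device, return 0 if all conform and 1 otherwise.
audit_bpf() {
    bad=0
    while read -r mode group path; do
        [ -n "$path" ] || continue          # skip blank or short lines
        if [ "$mode" != "$EXPECTED_MODE" ] || [ "$group" != "$EXPECTED_GROUP" ]; then
            printf 'DRIFT %s mode=%s group=%s\n' "$path" "$mode" "$group"
            bad=1
        fi
    done
    return "$bad"
}

# Constructed sample input: bpf0-bpf3 were fixed at boot, bpf4 stands in for
# a device the system created later with its default owner and mode.
sample_stat_output() {
    cat <<'EOF'
crw-rw-r-- access_bpf /dev/bpf0
crw-rw-r-- access_bpf /dev/bpf1
crw-rw-r-- access_bpf /dev/bpf2
crw-rw-r-- access_bpf /dev/bpf3
crw------- wheel /dev/bpf4
EOF
}

# Audit the live system only when asked to: sh audit_bpf.sh live
if [ "${1:-}" = "live" ]; then
    stat -f '%Sp %Sg %N' /dev/bpf* | audit_bpf
fi
```

Run periodically, or just before a capture starts, a nonzero exit status shows that the boot-time fix no longer covers every device.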
