Wireshark

  • Riverbed Technology
  • WinPcap
the world's foremost network protocol analyzer
  • Wireshark
    • About
    • Download
    • Blog
  • Get Help
    • Ask a Question
    • FAQs
    • Documentation
    • Mailing Lists
    • Online Tools
    • Wiki
    • Bug Tracker
  • Develop
    • Get Involved
    • Developer's Guide
    • Browse the Code
    • Latest Builds

Wireshark-dev: Re: [Wireshark-dev] own dissector doesn't work with root

Date Index Thread Index Other Months All Mailing Lists
Date Prev Date Next Thread Prev Thread Next


From: Guy Harris <guy@xxxxxxxxxxxx>
Date: Tue, 06 May 2008 09:12:06 -0700

Luis EG Ontanon wrote:

Wireshark won't load plugins not owned by root if running as root.
That is to avoid someone writing a plugin that (e.g.) executes a shell
with root priviledges in a system where wireshark is allowed by sudo.

# chown root your_plugin

By the way WS as of 1.0 does not require to be run as root anymore, it
runs setuid and drops privileges ASAP.
Wireshark 1.0 doesn't run as set-UID, but it also doesn't itself do packet capture, so it doesn't have to; TShark 1.0 doesn't run as root, either.
Instead, they run dumpcap to do the low-level packet capturing; dumpcap can be installed as set-UID root, if that's required in order to capture packets, and relinquishes its privileges as soon as it can.
  • References:
    • [Wireshark-dev] own dissector doesn't work with root
      • From: Stephan Neumann
    • Re: [Wireshark-dev] own dissector doesn't work with root
      • From: Luis EG Ontanon
  • Prev by Date: Re: [Wireshark-dev] request help for packet capture using libpcap
  • Next by Date: Re: [Wireshark-dev] [Wireshark-commits] rev 25232: /trunk/ /trunk/: configure.in make-version.pl
  • Previous by thread: Re: [Wireshark-dev] own dissector doesn't work with root
  • Next by thread: [Wireshark-dev] request help for packet capture using libpcap
  • Index(es):
    • Date
    • Thread

Wireshark and the "fin" logo are registered trademarks of the Wireshark Foundation