Wireshark-users: Re: [Wireshark-users] Devices on MAC

From: Guy Harris <guy@xxxxxxxxxxxx>
Date: Mon, 07 Apr 2008 13:43:45 -0700
Jimmy Tucker wrote - to me, which isn't as useful as writing to a mailing list, given that I don't build the .dmg and thus am not the right person to whom to say "you need an installer":
> The problem is twofold:
>
> 1. there's no installer to move the StartupItems from the disk image to /Library/StartupItems/ and this confuses the novices

Unfortunately, that's not fixable with a drag-install application, so we'd need an installer for that.

Maybe someday OS X will default to BPF devices having admin as the group owner and having permissions rw-rw----, but, until then, we'd either need to have an installer, need to make dumpcap set-uid root in the image, or need to have people read the RTF (which is empty in the .dmg I downloaded) and install the startup items themselves. The last of those is a bit of a pain.

> 2. the items included don't actually work anyway when I moved them manually to /Library/StartupItems/Wireshark, even after restart. There's a syntax error in the ChmodBPF script

The only difference between the ChmodBPF script in the Wireshark 1.0 .dmg and the one that I've had installed on various Macs for ages - where it's worked just fine:

   $ ls -l /dev/bpf*
   crw-rw----   1 root  admin   23,   0 Apr  7 13:10 /dev/bpf0
   crw-rw----   1 root  admin   23,   1 Mar 31 15:56 /dev/bpf1
   crw-rw----   1 root  admin   23,   2 Mar 31 15:56 /dev/bpf2
   crw-rw----   1 root  admin   23,   3 Mar 31 15:56 /dev/bpf3

is that the one in the .dmg has an RCS ID in it:

   $ diff /System/Library/StartupItems/ChmodBPF/ChmodBPF /Volumes/Wireshark/Utilities/Startup/ChmodBPF
   1a2,3
   > #
   > # $Id: ChmodBPF 24640 2008-03-15 18:31:52Z gerald $
   $

What is the syntax error that you believe the script contains?

> and possibly the plist is faulty -- I'm no expert on that

The two plists are *identical*:

   $ cmp /System/Library/StartupItems/ChmodBPF/StartupParameters.plist /Volumes/Wireshark/Utilities/Startup/StartupParameters.plist
   $

and, again, it works fine for me.

> When I put the plist and script from the Fink Consulting build of 0.99.7 there and run the script or restart, the SourceForge version of Wireshark 1.00.0 works fine.

Now, there *is* a question about the *ownership* of the script:

   $ ls -l /System/Library/StartupItems/ChmodBPF/ChmodBPF /Volumes/Wireshark/Utilities/Startup/ChmodBPF
   -r-xr-xr-x 1 root wheel 900 Oct 22 11:24 /System/Library/StartupItems/ChmodBPF/ChmodBPF
   -rwxr-xr-x 1 gharris gharris 954 Mar 29 10:58 /Volumes/Wireshark/Utilities/Startup/ChmodBPF

(presumably the reason it's owned by me is that it was mounted by me and either it has owner and group 99 and/or it was mounted with MNT_IGNORE_OWNERSHIP).

http://developer.apple.com/documentation/MacOSX/Conceptual/BPSystemStartup/Articles/StartupItems.html

says

Because startup items run with root authority, you must make sure your startup item directory permissions are set correctly. For security reasons, your startup item directory should be owned by root, the group should be set to wheel, and the permissions for the directory should be 755 (rwxr-xr-x). This means that only the root user can modify the directory contents; other users can examine the directory view its contents but not modify them. The files inside the directory should have similar permissions and ownership.

so, if you just copied the startup item, both the script and the plist would've been owned by you, and would've been rejected at startup time. Installing the version from the Fink Consulting build might have installed files owned by root.

BTW, that page also says

Important: In Mac OS X version 10.4 and later, the system asks the user what to do about startup items with incorrect permissions. At this point, the user may choose to disable the startup item, which could have unexpected results for your software. To avoid this, be sure to set the permissions during installation.

Are you running on Tiger or later and, if so, did you get asked about the startup item after you rebooted?
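
A check against the ownership and mode rules quoted above from Apple's startup-item documentation, as an added example (not part of the original message, and not Wireshark's or Apple's code). The function name `check_startup_item` and its optional uid/gid arguments are assumptions made for illustration; the defaults of 0 and 0 correspond to root and wheel.

```shell
#!/bin/sh
# Added example: audit a startup item directory against the documented
# rules: owned by root, group wheel, directory mode 755, and nothing
# inside it writable by group or other.
#
# Usage: check_startup_item DIR [UID] [GID]
#   UID and GID default to 0 (root and wheel on Mac OS X). They are
#   parameters only so the check can be exercised on a scratch directory.
# Returns 0 if DIR conforms, 1 if anything violates the rules,
# 2 if DIR is not a directory.
check_startup_item() {
    dir=$1
    want_uid=${2:-0}
    want_gid=${3:-0}

    if [ ! -d "$dir" ]; then
        echo "not a directory: $dir" >&2
        return 2
    fi

    # Paths at or below DIR with the wrong owner or group, or (symlinks
    # aside) writable by group or other.
    bad=$(find "$dir" \( ! -user "$want_uid" -o ! -group "$want_gid" \
        -o \( ! -type l \( -perm -020 -o -perm -002 \) \) \) -print)

    # The directory itself should be exactly 755 (rwxr-xr-x).
    if [ -z "$(find "$dir" -prune -perm 755 -print)" ]; then
        bad="$dir (mode is not 755)
$bad"
    fi

    if [ -n "$bad" ]; then
        printf 'does not meet the documented startup item permissions:\n%s\n' "$bad" >&2
        return 1
    fi
    return 0
}
```

Run it as `check_startup_item /Library/StartupItems/Wireshark` after copying the item into place; a copy made by dragging from the mounted image would be reported because the files are owned by the copying user.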