Wireshark · Ethereal-dev: Re: Fwd: Re: [Ethereal-dev] Ethereal patch: limit capability set under Linux

[Ulf Lamping <ulf.lamping@xxxxxx>]

Thomas Anders wrote:

> Ulf Lamping wrote:
>
>> Wouldn't it be a good idea to do it the other way round? Usually running
>> Ethereal in user level and raise capabilities (somehow like su does it),
>> when needed while capturing.
>
>
> Unless we're talking about different things here, there's no painless
> way to "raise capabilities" -- and that's by intention since it's the
> whole point of dropping (or not having) them in the first place.
>
Yes, a program shoulnd't be able to raise privileges "on it's own".

I've seen such a mechanism e.g. when starting synaptic. If the user
doesn't have enough privileges, there's a dialog box popping up asking
for root password. I'm unsure if it's done by some kind of graphical su?

After the changes I've done "recently", we always use a two task model
to capture packets, so this "su model" could be added to Ethereal somehow.

But after thinking about it, it might be tedious each time you start a
capture to be asked about a password, so it might not be a practical
idea at all  ...

Regards, ULFL

P.S: I don't say anything against the patch, it's just that it would be
nice if I would understand how it's working. Some more comments in the
code would be really nice :-)