Wireshark-dev: Re: [Wireshark-dev] own dissector doesn't work with root
From: Guy Harris <[email protected]>
Date: Tue, 06 May 2008 09:12:06 -0700
Luis EG Ontanon wrote:
Wireshark won't load plugins not owned by root if running as root.
That is to avoid someone writing a plugin that (e.g.) executes a shell
with root priviledges in a system where wireshark is allowed by sudo.

# chown root your_plugin

By the way WS as of 1.0 does not require to be run as root anymore, it
runs setuid and drops privileges ASAP.
Wireshark 1.0 doesn't run as set-UID, but it also doesn't itself do 
packet capture, so it doesn't have to; TShark 1.0 doesn't run as root, 
either.
Instead, they run dumpcap to do the low-level packet capturing; dumpcap 
can be installed as set-UID root, if that's required in order to capture 
packets, and relinquishes its privileges as soon as it can.