Wireshark-users: Re: [Wireshark-users] [patch] drop privs in dumpcap if run setuid

From: Hank Leininger <hlein@xxxxxxxxxxxxx>
Date: Thu, 15 Feb 2007 20:41:38 -0500
On Thu, Feb 15, 2007 at 08:47:40PM +0100, Ulf Lamping wrote:
> Guy Harris wrote:
> > I think he means the list of interfaces on which you can capture.
> >   
> Yes, the menu item: Capture / Interfaces ...

Ah, OK.  Looking at the docs with nice win32 screen captures, I see why
I did not know what you meant--I had never seen it actually work.  At the
moment on a non-BPF-having UNIX, you either a) run everything
non-privileged, and cannot get sniffing permissions at all, or b) run
everything as root, in which case gtk will refuse to even run the
Wireshark GUI, so you never see it.

OTOH, it probably works fine right now under BSDish OS's with
permissions set appropriately on /dev/bpf*.

> > There's no inherent problem with doing that in dumpcap; there needs to  
> > be a way to ask dumpcap to give a list of interfaces (written to the  
[snip]
> 
> There's no problem I see that can't be solved, but it's still a *lot* of 
> work to be done to make it complete.

OK.

Well, how about this.  I contend that since the current code is
completely broken for live-capturing on non-BPF-having UNIX, an
incremental improvement (making it basically work, albeit somewhat
lacking) is better than the current state.  So, how 'bout a patch that
rather than just ifndef _WIN32, is specifically only enabled for
non-BPF-having UNIXes.  That way they would Basically Work, with this
documentable shortcoming, which maybe one day will garner enough
interest to be resolved?  Would you accept such a patch?

> As I only earned complaints about my work on this topic (this doesn't 
> work, that doesn't work, this doesn't work as in the last release, ...) 
> I don't feel any motivation myself to continue working on it - there are 
> just more interesting fields where I'll even get personal benefit from - 
> compared to that it only works as before ...

I understand, and there are probably indeed many better ways for you to
spend your time (either on wider-interest Wireshark stuff, or on a
life!).  While this remains an interest of mine, I'll try to help rather
than just complain :-P

Thanks,

Hank
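The privilege drop named in the patch subject, as an added example written for this page rather than the patch's or dumpcap's own code: a setuid-root capture helper opens its capture source while still privileged, then drops permanently to the invoking user and verifies that root cannot be regained, and is compiled out where BPF device permissions make setuid unnecessary. The HAVE_BPF macro and the /dev/null stand-in for the capture device are assumptions.

```c
#define _GNU_SOURCE                   /* declares setgroups() on glibc */
#include <fcntl.h>
#include <grp.h>
#include <unistd.h>

/* Permanently drop to the real (invoking) user.  Returns 0 on success, -1 if
 * a step failed or root could still be regained.  HAVE_BPF is an assumed
 * macro: where /dev/bpf* permissions grant access (the BSD case) there is
 * no setuid root to drop, and on Windows the mechanism does not apply. */
int drop_to_real_user(void)
{
#if defined(_WIN32) || defined(HAVE_BPF)
    return 0;                         /* nothing to drop on these platforms */
#else
    uid_t ruid = getuid();
    gid_t rgid = getgid();

    /* Supplementary groups first: only root may change them, and they would
     * otherwise survive the uid/gid change below. */
    if (geteuid() == 0 && setgroups(1, &rgid) != 0)
        return -1;
    /* gid before uid: once root is gone, setgid() is no longer permitted. */
    if (setgid(rgid) != 0 || setuid(ruid) != 0)
        return -1;
    /* Verify the result instead of trusting the return codes alone. */
    if (getuid() != ruid || geteuid() != ruid ||
        getgid() != rgid || getegid() != rgid)
        return -1;
    /* For a non-root invoker the drop must be irreversible. */
    if (ruid != 0 && setuid(0) == 0)
        return -1;
    return 0;
#endif
}

/* dumpcap-style ordering: open the capture source while still privileged,
 * then drop before any packet data is parsed.  `path` stands in for the
 * capture device (assumed; /dev/null in the test).  Returns the fd or -1. */
int open_capture_then_drop(const char *path)
{
    int fd = open(path, O_RDONLY);
    if (fd < 0)
        return -1;
    if (drop_to_real_user() != 0) {
        close(fd);
        return -1;
    }
    return fd;
}
```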
