Wireshark-users: Re: [Wireshark-users] [patch] drop privs in dumpcap if run setuid
From: Jeff Morriss <[email protected]>
Date: Fri, 16 Feb 2007 13:29:20 +0800

Hank Leininger wrote:
> On Thu, Feb 15, 2007 at 08:47:40PM +0100, Ulf Lamping wrote:
>> Guy Harris wrote:
>>> I think he means the list of interfaces on which you can capture.
>> Yes, the menu item: Capture / Interfaces ...
> Ah, OK.  Looking at the docs with nice win32 screen captures, I see why
> I did not know what you mean--I had never seen it actually work.  At the
> moment on a non-BPF-having UNIX, you either a) run everything
> non-privileged, and cannot get sniffing permissions at all, or b) run
> everything as root, in which case gtk will refuse to even run the
> Wireshark GUI, so you never see it.

Hmm, there's also the obvious option (c) where you "su" root and run 
Wireshark as root but not set-uid.  Works well for me though it's still 
more work than I'd like: In my environment everyone can have network 
capture access so I'd love to install Wireshark set-uid but I presently 
can't.