> Seems to me this would go along really well with the discussion of having a
> miniature stub-capture helper program that could be used by ethereal for
> easy setuid without setuid-gtk.

Of course, if the goal is to allow ordinary users to capture packets,
there are other ways to do that on a number of platforms; from the
tcpdump man page:

    Under SunOS with nit or bpf: To run tcpdump you must have
    read access to /dev/nit or /dev/bpf*.

    Under Solaris with dlpi: You must have read access to the
    network pseudo device, e.g. /dev/le.

    Under HP-UX with dlpi: You must be root or it must be
    installed setuid to root.

    Under IRIX with snoop: You must be root or it must be
    installed setuid to root.

    Under Linux: You must be root or it must be installed
    setuid to root.

    Under Ultrix and Digital UNIX: Once the super-user has
    enabled promiscuous-mode operation using pfconfig(8), any
    user may run tcpdump.

    Under BSD: You must have read access to /dev/bpf*.

On Linux, if your Linux distribution makes the capability flags useful,
i.e. allows you to arrange that particular users get particular
capabilities set in their login process, giving users the CAP_NET_RAW
capability should allow them to capture packets. Unfortunately, I don't
know whether any Linux distribution has versions of login/{x,g,k}dm/etc.
that support this.
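
As an added illustration that is not part of the original message: one way to check whether a Linux process actually holds CAP_NET_RAW, and whether it holds more than it needs for capture, is to decode the capability masks in /proc/<pid>/status. The sample status text and the function names below are constructed for this example.

```python
# Added example: decode Linux capability masks from /proc/<pid>/status and
# report whether the process can open raw/packet sockets via CAP_NET_RAW.
CAP_NET_RAW = 13  # bit number defined in <linux/capability.h>
CAP_FIELDS = ("CapInh", "CapPrm", "CapEff", "CapBnd", "CapAmb")

# Constructed sample: an unprivileged capture helper holding only CAP_NET_RAW.
SAMPLE_STATUS = (
    "Name:\tcapture-helper\n"
    "Uid:\t1000\t1000\t1000\t1000\n"
    "CapInh:\t0000000000000000\n"
    "CapPrm:\t0000000000002000\n"
    "CapEff:\t0000000000002000\n"
    "CapBnd:\t000001ffffffffff\n"
)

def parse_status(status_text):
    """Return (effective uid, {field: mask}) from status-file text."""
    euid, sets = None, {}
    for line in status_text.splitlines():
        key, sep, value = line.partition(":")
        if not sep:
            continue
        if key == "Uid":
            euid = int(value.split()[1])  # order: real, effective, saved, fs
        elif key in CAP_FIELDS:
            sets[key] = int(value.strip(), 16)
    return euid, sets

def capture_privilege(status_text):
    """Summarise capture-related privilege held by the process."""
    euid, sets = parse_status(status_text)
    eff = sets.get("CapEff", 0)
    return {
        "euid": euid,
        "can_capture": bool((eff >> CAP_NET_RAW) & 1),
        # Any other effective capability is more than packet capture needs.
        "extra_caps": [b for b in range(64) if (eff >> b) & 1 and b != CAP_NET_RAW],
    }

if __name__ == "__main__":
    print("sample:", capture_privilege(SAMPLE_STATUS))
    try:
        with open("/proc/self/status") as fh:
            print("self:  ", capture_privilege(fh.read()))
    except OSError:
        pass  # not on Linux, or /proc is unavailable
```

A setuid-root capture program shows up here with effective uid 0 and a long `extra_caps` list, while a process granted only CAP_NET_RAW shows an empty one.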