https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5256
--- Comment #2 from Guy Harris <guy@xxxxxxxxxxxx> 2010-09-26 13:17:03 PDT ---
To quote the doc/README.packaging file in the Wireshark source code - please
note the two sentences that are in all caps, and note that "run XXX with sudo"
means "run XXX as root":
3. Privileges.
In versions up to and including 0.99.6, it was necessary to run
Wireshark with elevated privileges in order to be able to capture
traffic. With version 0.99.7, all function calls that require elevated
privileges have been moved out of the GUI to dumpcap.
WIRESHARK CONTAINS NEARLY TWO MILLION LINES OF SOURCE CODE. DO NOT RUN
THEM AS ROOT.
Warnings are displayed when Wireshark and TShark are run as root.
There are several configure-time options on non-Windows systems that
affect the privileges a normal user needs to capture traffic and list
interfaces:
--enable-setcap-install Install dumpcap with cap_net_admin and
cap_net_raw capabilities. Linux only.
--enable-setuid-install Install dumpcap setuid root.
--with-libcap If running as root, try to grab
CAP_NET_ADMIN and CAP_NET_RAW, then drop
privileges. Linux only.
--with-dumpcap-group=... Restricts dumpcap execution to the
specified group.
These are necessary for non-root users to be able to capture on most
systems, e.g. on Linux or FreeBSD if the user doesn't have permissions
to access /dev/bpf*. Setcap installation is preferred over setuid on
Linux. If "--enable-setcap-install" is used it will override any setuid
settings.
The "--with-libcap" option is only useful when dumpcap is installed
setuid. If it is enabled dumpcap will try to drop any setuid privileges
it may have while retaining the CAP_NET_ADMIN and CAP_NET_RAW
capabilities. It is enabled by default, if the Linux capabilities
library (on which it depends) is found.
Note that enabling setcap or setuid installation allows packet capture
for ALL users on your system. If this is not desired, you can restrict
dumpcap execution to a specific group or user. The following two examples
show how to restrict access using setcap and setuid respectively:
# groupadd -g packetcapture
# chmod 750 /usr/bin/dumpcap
# chgrp packetcapture /usr/bin/dumpcap
# setcap cap_net_raw,cap_net_admin+eip /usr/bin/dumpcap
# groupadd -g packetcapture
# chgrp packetcapture /usr/bin/dumpcap
# chmod 4750 /usr/bin/dumpcap
--
Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.