Wireshark-bugs: [Wireshark-bugs] [Bug 12952] [feature-request] Support for sshdump using tcpdump

Date: Tue, 27 Sep 2016 19:07:00 +0000

Comment # 10 on bug 12952 from
(In reply to Peter Wu from comment #6)
> (In reply to Dario Lombardo from comment #5)
> > You can apply setcap to tcpdump too.
> 
> Many distributions have setcap on dumpcap by default (+ special system
> group), but not tcpdump. I would be cautious on doing this for tcpdump, it
> would likely be overwritten by system upgrades and has some unknown security
> impact.

tcpdump, unlike dumpcap, dissects packets, so it's a bit riskier to run with
privileges.

(Ideally, programs that need to capture packets will never run with privileges
- libpcap should run a helper program that does only those operations that
require privileges, that does whatever authorization is desired for capture and
injection privileges, and that, for example, hands an opened file descriptor to
libpcap from which to read packets.  That's a libpcap issue; I have some ideas
on how to do that, but haven't had the chance to implement it yet.)


You are receiving this mail because:
  • You are watching all bug changes.