Wireshark-bugs: [Wireshark-bugs] [Bug 13096] Allow capture of iptap and pktap pseudo-interfaces

Date: Fri, 04 Nov 2016 22:33:28 +0000

Comment # 1 on bug 13096 from
(In reply to myrs2m9quk from comment #0)
> As noted in #11659, Wireshark can be "tricked" into allowing captures on
> these interfaces by manually starting a tcpdump,

By manually starting a tcpdump *as root*.

That's the problem - they need to be constructed by code running as root in
order to capture on them, and the program Wireshark uses to capture traffic,
dumpcap, isn't run as root.

We could build dumpcap to be set-UID, which we do on some other platforms; that
would also obviate the need for the ChmodBPF launchd job.

(That's not an ideal solution, as it means a bunch of code is running as root
that doesn't really need to run as root, even though dumpcap gives up its
privileges as soon as it can.  The *ideal* solution would be to have libpcap
run a subprogram to open devices, and have that subprogram do whatever stuff
needs special privileges and, for example, hand a file descriptor to libpcap to
use when capturing.  That's a work in progress, but it's early in the design
stage.)

