On Wed, Aug 15, 2007 at 09:33:05AM -0700, Gerald Combs wrote:
> >> I still think that this stuff is the wrong approach: wireshark should
> >> not need root privileges and if you want to make sure that the program
>
> > Do you mean Wireshark the UI or the capturing part? At least on Solaris
> > versions below 10 and Linux the capturing part must run as root.
>
> That's exactly the problem I'm trying to solve. Ever since the initial
> release, the standard practice for capturing on Unix/Linux systems has
> included the step "start Wireshark (or Ethereal) as root." Our own
> User's Guide tells you to run Wireshark as root. There's a Wireshark
> launcher for OS X that fires up X11 and runs Wireshark as root. This
> practice is wrong, and it must stop.
>
> Just to be clear: *This patch does not run Wireshark as root*. Just the
> opposite, in fact. If Wireshark catches you running it as root, it
> drops privileges *immediately*.
I am still not convinced that that's the right approach. If someone is
running wireshark as the root user and root has a umask of 077, then that
user has any right to expect that he will be able to open files he
captured earlier. Also, I really don't like forcing people into such
stuff for wireshark and tshark. Dumpcap is a different thing. If you
really want to educate the users then please do exactly that, but don't
force your opinion on them. Print out a message (tshark) or pop up a
requester (wireshark) if these programs are run suid root, saying that if they
want to run these tools as non-root users it is sufficient to suid root
dumpcap and remove suid from the other binaries (ok, that's not there
yet for tshark :). There needs to be a preference to permanently suppress
that message.
> > 1) tell them not to "sudo" but just install 'dumpcap' set-uid and run
> > Wireshark as themselves (the popup helps here)
>
> This is exactly what my proposed patch allows. In this case, there
> would be no popup.
I don't mind the message (see above) but I don't like the forced drop
of privs.
Ciao
Joerg
--
Joerg Mayer <jmayer@xxxxxxxxx>
We are stuck with technology when what we really want is just stuff that
works. Some say that should read Microsoft instead of technology.
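As an added illustration of the privilege drop the thread argues about (this is not Joerg's, Gerald's or Wireshark's code, and the function names are my own): a C routine that gives up root in the order that actually sticks, verifies that root cannot be regained, and a check for whether a process such as a set-uid capture helper is currently running with more privilege than its invoking user.

```c
#define _GNU_SOURCE          /* setgroups() prototype on glibc */
#include <grp.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* 1 if the process holds more privilege than the invoking user:
 * euid 0 outright, or a set-uid/set-gid mismatch against the real ids. */
int has_elevated_privs(void)
{
    return geteuid() == 0 || geteuid() != getuid() || getegid() != getgid();
}

/* Permanently drop to the real uid/gid of the invoking user.
 * Order matters: supplementary groups and the gid must be changed while
 * still root, because once the uid is non-zero those calls are refused.
 * Returns 0 on success, -1 if any step failed or the drop did not hold. */
int drop_privileges_permanently(void)
{
    uid_t uid = getuid();
    gid_t gid = getgid();
    int was_root = (geteuid() == 0);

    if (was_root && setgroups(1, &gid) != 0)   /* clear supplementary groups */
        return -1;
    if (setgid(gid) != 0)                      /* real gid, also saved-set-gid */
        return -1;
    if (setuid(uid) != 0)                      /* real uid, also saved-set-uid */
        return -1;

    /* The drop must be irreversible: if we were root and the real user is
     * not, regaining euid 0 has to fail now. A leftover saved-set-uid of 0
     * (e.g. from seteuid() instead of setuid()) would make this succeed. */
    if (was_root && uid != 0 && setuid(0) != -1)
        return -1;
    if (geteuid() != uid || getegid() != gid)
        return -1;
    return 0;
}

int main(void)
{
    /* Note the case Joerg raises: when the real uid itself is 0 (logged in
     * as root, or sudo), there is nothing to drop to, and the drop is a no-op. */
    printf("elevated before: %d\n", has_elevated_privs());
    if (drop_privileges_permanently() != 0) {
        perror("drop_privileges_permanently");
        return 1;
    }
    printf("elevated after:  %d (uid %u)\n", has_elevated_privs(), (unsigned)getuid());
    return 0;
}
```

Run as an ordinary user the drop is a no-op that still succeeds; run set-uid root it lands on the invoking user's ids, which is the behaviour a set-uid dumpcap would want right after the capture socket is open.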