Wireshark · Wireshark-dev: Re: [Wireshark-dev] own dissector doesn't work with root

Wireshark-dev: Re: [Wireshark-dev] own dissector doesn't work with root

From: Guy Harris <guy@xxxxxxxxxxxx>

Date: Tue, 06 May 2008 09:12:06 -0700

Luis EG Ontanon wrote:

Wireshark won't load plugins not owned by root if running as root.
That is to avoid someone writing a plugin that (e.g.) executes a shell
with root priviledges in a system where wireshark is allowed by sudo.

# chown root your_plugin

By the way WS as of 1.0 does not require to be run as root anymore, it
runs setuid and drops privileges ASAP.

Wireshark 1.0 doesn't run as set-UID, but it also doesn't itself dopacket capture, so it doesn't have to; TShark 1.0 doesn't run as root,either.

Instead, they run dumpcap to do the low-level packet capturing; dumpcapcan be installed as set-UID root, if that's required in order to capturepackets, and relinquishes its privileges as soon as it can.

References:
- [Wireshark-dev] own dissector doesn't work with root
  - From: Stephan Neumann
- Re: [Wireshark-dev] own dissector doesn't work with root
  - From: Luis EG Ontanon

Prev by Date: Re: [Wireshark-dev] request help for packet capture using libpcap
Next by Date: Re: [Wireshark-dev] [Wireshark-commits] rev 25232: /trunk/ /trunk/: configure.in make-version.pl
Previous by thread: Re: [Wireshark-dev] own dissector doesn't work with root
Next by thread: [Wireshark-dev] request help for packet capture using libpcap
Index(es):
- Date
- Thread