Joerg Mayer schrieb: > On Mon, Aug 13, 2007 at 02:58:10PM -0700, Gerald Combs wrote: > >> I've submitted a patch which implements some of the changes discussed at >> http://wiki.wireshark.org/Development/PrivilegeSeparation . If no one >> has any objections I'd like to check it in later this week. >> > > I'm afraid you lost me with this patch: > > I understand the wireshark capture model correctly, wireshark > doesn't need root privileges even now because capturing can be done by > dumpcap, and thus wireshark should never be installed suid root. This > is reflected by configure.in. Yes and no. While the capturing itself is already completely done in dumpcap, some libpcap/winpcap stuff was still called in Wireshark itself (e.g. the enumeration of capture interfaces). At least for some of the Win32 specific stuff like the interface details windows this is still the case AFAIR.
However, I don't know how far Geralds changes are going (didn't had a look myself at it), maybe he fixed even that somehow. > Is there a specific reason why this line > of work isn't enforced and adapted to tshark as well? > No specific reasons, it was just my laziness when I stopped implementing the privsep things some time ago. Regards, ULFL _______________________________________________ Wireshark-dev mailing list [email protected] http://www.wireshark.org/mailman/listinfo/wireshark-dev
