On 26 July 2015 at 02:47, Guy Harris <[email protected]> wrote:
> As long as the user software can provide to libpcap, if necessary, some
> way of launching the helper with sufficient privileges (this had better not
> require a GUI, as you might not have a GUI available if you're trying to
> capture with, for example, tcpdump or TShark; it might involve running it
> through sudo), it should be supported by any software (and might default to
> something like sudo, so that only GUI-based applications would need to
> specify a mechanism - and they might just be able to specify "use the
> default GUI mechanism").
>
>
Unfortunately I think Windows UAC either requires the process to be started
by the user with sufficient privileges such that UAC elevation is
unnecessary, or if a process requires elevation a GUI UAC prompt is shown.
I don't know of a mechanism whereby a non-GUI process can request elevation
in a non-GUI manner apart from requesting the user enter credentials which
entails a load of other issues. Generally, command line tools, such as
PowerShell cmdlets just fail if they don't have the privileges required to
undertake the task, e.g.
>From a non-elevated PowerShell prompt:
C:\temp\winpcap> Get-Service npf | Stop-Service
Stop-Service : Service 'NetGroup Packet Filter Driver (npf)' cannot be
stopped due to the following error: Cannot
open npf service on computer '.'.
At line:1 char:19
+ Get-Service npf | Stop-Service
+ ~~~~~~~~~~~~
+ CategoryInfo : CloseError:
(System.ServiceProcess.ServiceController:ServiceController) [Stop-Service
], ServiceCommandException
+ FullyQualifiedErrorId :
CouldNotStopService,Microsoft.PowerShell.Commands.StopServiceCommand
And from an elevated one it succeeds as one would expect.
--
Graham Bloice
___________________________________________________________________________
Sent via: Wireshark-dev mailing list <[email protected]>
Archives: https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
mailto:[email protected]?subject=unsubscribe
