Re: Fwd: On Wireshark and network capture in general
On Fri, Jun 19, 2009 at 01:56:05PM +0200, Josselin Mouette wrote:
Le vendredi 19 juin 2009 à 12:54 +0200, Jaap Keuter a écrit :
> What I've noticed is that Debian (still) requires the user to run
> Wireshark with root credentials in order to be able to launch a
> capture. Otherwise the network interfaces won't even be visible.
> This problem, running a massive GUI application with root
> credentials, was
> identified long ago and addressed as such. The core capture
> was isolated in a capture child, so the rest (dissection, GUI, etc)
> be run as a normal user. This only(ahem) requires the capture engine
> (dumpcap) to be installed setuid root.
I think it’s just as bad an idea to launch dumpcap setuid root as it is
to launch the GUI as root.
Definitely as default for the install. For many people the common case
is to use wireshark to analyze captures taken by a different tool, and
there's no reason for them to automatically have anything setuid to
support that case.