flag installs dumpcap with setuid root permissions, which lets any user
on the system capture live traffic. If this is not desired, you can
restrict dumpcap's permissions so that only a single user or group can
- run it.
+ run it. This can be used in conjunction with --with-libcap described
+ below.
Running Wireshark or TShark as root is not recommended.
+ --without-libcap
+ By default, if 'configure' finds libcap (the POSIX capabilities
+ library) dumpcap will be built so that if it is installed setuid
+ root, it will attempt to retain CAP_NET_RAW and CAP_NET_ADMIN
+ before dropping root privileges. Use this option to disable this
+ behavior.
+
+ --with-libcap=DIR
+ Use this option to tell 'configure' where libcap is installed,
+ if it is installed in a non-standard location. Note that libcap
+ (the POSIX capabilities library, sans "p") and libpcap (the
+ packet capture library, avec "p") are two very different things.
+
--without-pcap
If you choose to build a packet analyzer that can analyze
capture files but cannot capture packets on its own, but you
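Review bot: The new sentence "This can be used in conjunction with --with-libcap described below" points at the wrong switch. As documented in the added text, capability retention is the default whenever 'configure' finds libcap, --without-libcap is what turns it off, and --with-libcap=DIR only says where the library lives. Suggest rewording to say what the combination gives the installer, for example that a setuid-root dumpcap built with libcap keeps only CAP_NET_RAW and CAP_NET_ADMIN after dropping root. The --without-libcap entry also says dumpcap "will attempt to retain" the capabilities without saying what happens when the attempt fails; one sentence on the fallback would help packagers decide.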
static void
relinquish_privs_except_capture(void)
{
- /* If 'started_with_special_privs' (ie: suid) then enable for
+ /* If 'started_with_special_privs' (ie: suid) then enable for
* ourself the NET_ADMIN and NET_RAW capabilities and then
* drop our suid privileges.
*
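Review bot: The opening comment line of relinquish_privs_except_capture() has identical text on its - and + sides, so the edit is whitespace-only. Please move it to a separate cleanup commit, so that the diff of this privilege-dropping function shows only changes a reviewer needs to audit.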
/* This behaviour will apparently be changed in the kernel */
/* to allow the kill (signal) in this case. */
/* See the following for details: */
- /* http://www.mail-archive.com/ [wrapped] */
+ /* http://www.mail-archive.com/ [wrapped] */
/* linux-security-module@vger.kernel.org/msg02913.html */
/* */
/* It is therefore conceivable that if dumpcap somehow hangs */
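Review bot: The reference URL in this comment is still split over two comment lines with a "[wrapped]" marker, and the only change to it is whitespace. Since the line is being touched anyway, consider putting the whole URL on one line so it can be copied or grepped. The statement that the behaviour "will apparently be changed in the kernel" would also be easier to revisit if it said as of when that was written.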
/* drop all capabilities (NET_RAW and NET_ADMIN) */
/* */
/* ToDo: -S (stats) should drop privileges/capabilities when no */
- /* onger required (similar to capture). */
+ /* longer required (similar to capture). */
/* */
/* ----------------------------------------------------------------- */
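Review bot: The ToDo whose typo is fixed here records that -S (stats) does not yet drop privileges/capabilities when they are no longer required. That is worth more than a source comment: please reference a tracking bug in the ToDo or mention the limitation next to the new libcap text in the documentation hunk, so users of a setuid dumpcap know stats mode holds NET_RAW and NET_ADMIN longer than capture does.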