Wireshark-dev: Re: [Wireshark-dev] [Fwd: [Wireshark-bugs] [Bug 1741] New: Privilege separation
From: Gerald Combs <gerald@xxxxxxxxxxxxx>
Date: Tue, 14 Aug 2007 15:43:07 -0700
Stephen Fisher wrote:
> On Mon, Aug 13, 2007 at 02:58:10PM -0700, Gerald Combs wrote:
> 
>> I've submitted a patch which implements some of the changes discussed
>> at http://wiki.wireshark.org/Development/PrivilegeSeparation . If no
>> one has any objections I'd like to check it in later this week.
> 
> Thanks for your effort.  The code looks fine to me on a quick pass by.
> 
>> - The autoconf/automake configuration now installs dumpcap and TShark
>> setuid by default. A non-privileged user (default "wireshark") is also
>> defined.
> 
> I think it is best (easiest for users) to have Wireshark run as the user
> who started it instead of a special user.  Compiling it to run as a new
> user called wireshark or other should be an option.

As long as Wireshark is run as a regular user, that's the case with the
patch.  If Wireshark is run with elevated privileges, an attempt is made
to setuid to the user who called Wireshark. If that user turns out to be
root, then Wireshark will setuid to the special user.  It'd probably
make sense to pop up a notification dialog when this happens.
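The policy described above (stay as the caller when unprivileged, drop to the caller when running elevated, and drop to a dedicated account when the caller is root, with a notice) is illustrated below as an added example. It is not Wireshark's or dumpcap's own code; the dedicated account name "wireshark" and the Linux/glibc behaviour of setuid() (which resets real, effective and saved uid when called as root) are assumptions.

```c
/* Added example (not Wireshark's code): the privilege-drop policy from the
 * message above, split into a testable decision and the syscalls that apply it.
 * The fallback account name "wireshark" is an assumption. */
#define _DEFAULT_SOURCE
#include <errno.h>
#include <grp.h>
#include <pwd.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

enum drop_action { DROP_NONE, DROP_TO_CALLER, DROP_TO_FALLBACK };

typedef struct {
    enum drop_action action;
    uid_t uid;   /* uid the process should end up running as */
} drop_decision;

/* Pure policy: real_uid is who invoked us, effective_uid is what the setuid
 * bit (or root) gave us, fallback_uid is the dedicated unprivileged account. */
drop_decision choose_drop_target(uid_t real_uid, uid_t effective_uid, uid_t fallback_uid)
{
    drop_decision d;
    if (effective_uid != 0 && effective_uid == real_uid) {
        d.action = DROP_NONE;           /* regular user, no elevated privileges held */
        d.uid = real_uid;
    } else if (real_uid != 0) {
        d.action = DROP_TO_CALLER;      /* setuid binary started by a normal user */
        d.uid = real_uid;
    } else {
        d.action = DROP_TO_FALLBACK;    /* root started it: never keep running as root */
        d.uid = fallback_uid;
    }
    return d;
}

/* Apply the decision irreversibly: supplementary groups first, then gid, then
 * uid, and verify that root cannot be regained.  Returns 0 on success, -1 on
 * failure (errno set). */
int drop_privileges(const struct passwd *pw)
{
    if (initgroups(pw->pw_name, pw->pw_gid) != 0) return -1;
    if (setgid(pw->pw_gid) != 0) return -1;
    if (setuid(pw->pw_uid) != 0) return -1;
    if (getuid() != pw->pw_uid || geteuid() != pw->pw_uid || getgid() != pw->pw_gid) {
        errno = EPERM;
        return -1;
    }
    if (pw->pw_uid != 0 && setuid(0) == 0) {  /* must fail: drop was not permanent */
        errno = EPERM;
        return -1;
    }
    return 0;
}

int main(void)
{
    struct passwd *fallback = getpwnam("wireshark");   /* assumed account name */
    uid_t fallback_uid = fallback ? fallback->pw_uid : (uid_t)-1;
    drop_decision d = choose_drop_target(getuid(), geteuid(), fallback_uid);

    if (d.action == DROP_NONE) {
        puts("running as a regular user; nothing to drop");
        return 0;
    }
    if (d.uid == (uid_t)-1 || d.uid == 0) {
        fputs("no usable unprivileged account; refusing to continue as root\n", stderr);
        return 1;
    }
    if (d.action == DROP_TO_FALLBACK)   /* the notification the message suggests */
        fprintf(stderr, "notice: started by root, switching to uid %lu\n",
                (unsigned long)d.uid);

    struct passwd *target = getpwuid(d.uid);
    if (target == NULL) {
        fputs("target account not found\n", stderr);
        return 1;
    }
    if (drop_privileges(target) != 0) {
        fprintf(stderr, "privilege drop failed: %s\n", strerror(errno));
        return 1;
    }
    printf("now running as uid %lu\n", (unsigned long)getuid());
    return 0;
}
```

The decision is kept separate from the syscalls so the policy can be unit-tested without root; the post-drop checks (ids match, setuid(0) fails) are what distinguish a permanent drop from one that merely changed the effective uid.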