diff --git a/ChmodBPF/ChmodBPF b/ChmodBPF/ChmodBPF
new file mode 100755
index 0000000..ee37121
--- /dev/null
+++ b/ChmodBPF/ChmodBPF
@@ -0,0 +1,33 @@
+#! /bin/sh
+
+. /etc/rc.common
+
+StartService ()
+{
+ #
+ # Unfortunately, Mac OS X's devfs is based on the old FreeBSD
+ # one, not the current one, so there's no way to configure it
+ # to create BPF devices with particular owners or groups.
+ # This startup item will make it owned by the admin group,
+ # with permissions rw-rw----, so that anybody in the admin
+ # group can use programs that capture or send raw packets.
+ #
+ # Change this as appropriate for your site, e.g. to make
+ # it owned by a particular user without changing the permissions,
+ # so only that user and the super-user can capture or send raw
+ # packets, or give it the permissions rw-r-----, so that
+ # only the super-user can send raw packets but anybody in the
+ # admin group can capture packets.
+ #
+ chgrp admin /dev/bpf*
+ chmod g+rw /dev/bpf*
+}
+
+StopService ()
+{
+ return 0;
+}
+
+RestartService () { StartService; }
+
+RunService "$1"
diff --git a/ChmodBPF/StartupParameters.plist b/ChmodBPF/StartupParameters.plist
new file mode 100644
index 0000000..545e2a6
--- /dev/null
+++ b/ChmodBPF/StartupParameters.plist
@@ -0,0 +1,4 @@
+{
+ Description = "Change BPF permissions";
+ Provides = ("Non-root permission to capture or send raw packets");
+}
diff --git a/FILES b/FILES
index 0ba6919..95a4505 100644
--- a/FILES
+++ b/FILES
@@ -1,4 +1,6 @@
 CHANGES
+ChmodBPF/ChmodBPF
+ChmodBPF/StartupParameters.plist
 CREDITS
 FILES
 INSTALL.txt
@@ -9,6 +11,7 @@ README.aix
 README.dag
 README.hpux
 README.linux
+README.macosx
 README.tru64
 README.Win32
 SUNOS4/nit_if.o.sparc
diff --git a/INSTALL.txt b/INSTALL.txt
index f54d30c..3a2d2ad 100644
--- a/INSTALL.txt
+++ b/INSTALL.txt
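Review bot: In ChmodBPF/ChmodBPF, `chmod g+rw /dev/bpf*` in StartService only adds group bits, so the resulting mode is not guaranteed to be the rw-rw---- that the comment promises; any permission bits already set for "other" on the nodes are left in place. An absolute mode, `chmod 660 /dev/bpf*`, would match the comment and make the outcome independent of the devices' prior state. Because group write lets every process running as an admin-group user send raw packets as well as capture them, consider making the read-only variant the comment already describes (`chmod 640 /dev/bpf*`) the shipped default and leaving write access as the site-specific opt-in. The script also changes only the bpf nodes that exist when the startup item runs, so if this devfs creates further nodes later they would presumably keep their default ownership, which is worth stating in the comment.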
@@ -1,4 +1,4 @@ -@(#) $Header: /tcpdump/master/libpcap/INSTALL.txt,v 1.10 2004-04-05 22:43:50 guy Exp $ (LBL) +@(#) $Header: /tcpdump/master/libpcap/INSTALL.txt,v 1.11 2004-10-18 09:51:02 guy Exp $ (LBL) To build libpcap, run "./configure" (a shell script). The configure script will determine your system attributes and generate an @@ -295,6 +295,8 @@ timestamp resolution if it finds it's running on a SS-1). FILES ----- CHANGES - description of differences between releases +ChmodBPF/* - Mac OS X startup item to set ownership and permissions + on /dev/bpf* CREDITS - people that have helped libpcap along FILES - list of files exported as part of the distribution INSTALL.txt - this file @@ -305,6 +307,7 @@ README.aix - notes on using libpcap on AIX README.dag - notes on using libpcap to capture on Endace DAG devices README.hpux - notes on using libpcap on HP-UX README.linux - notes on using libpcap on Linux +README.macosx - notes on using libpcap on Mac OS X README.tru64 - notes on using libpcap on Digital/Tru64 UNIX README.Win32 - notes on using libpcap on Win32 systems (with WinPcap) SUNOS4 - pre-SunOS 4.1 replacement kernel nit modules diff --git a/README.macosx b/README.macosx new file mode 100644 index 0000000..25794d8 --- /dev/null +++ b/README.macosx 
@@ -0,0 +1,43 @@
+As with other systems using BPF, Mac OS X allows users with read access
+to the BPF devices to capture packets with libpcap and allows users with
+write access to the BPF devices to send packets with libpcap.
+
+On some systems that use BPF, the BPF devices live on the root file
+system, and the permissions and/or ownership on those devices can be
+changed to give users other than root permission to read or write those
+devices.
+
+On newer versions of FreeBSD, the BPF devices live on devfs, and devfs
+can be configured to set the permissions and/or ownership of those
+devices to give users other than root permission to read or write those
+devices.
+
+On Mac OS X, the BPF devices live on devfs, but the OS X version of
+devfs is based on an older (non-default) FreeBSD devfs, and that version
+of devfs cannot be configured to set the permissions and/or ownership of
+those devices.
+
+Therefore, we supply a "startup item" for OS X that will change the
+ownership of the BPF devices so that the "admin" group owns them, and
+will change the permission of the BPF devices to rw-rw----, so that all
+users in the "admin" group - i.e., all users with "Allow user to
+administer this computer" turned on - have both read and write access to
+them.
+
+The startup item is in the ChmodBPF directory in the source tree. A
+/Library/StartupItems directory should be created if it doesn't already
+exist, and the ChmodBPF directory should be copied to the
+/Library/StartupItems directory (copy the entire directory, so that
+there's a /Library/StartupItems/ChmodBPF directory, containing all the
+files in the source tree's ChmodBPF directory; don't copy the individual
+items in that directory to /Library/StartupItems).
+
+If you want to give a particular user permission to access the BPF
+devices, rather than giving all administrative users permission to
+access them, you can have the ChmodBPF/ChmodBPF script change the
+ownership of /dev/bpf* without changing the permissions. If you want to
+give a particular user permission to read and write the BPF devices and
+give the administrative users permission to read but not write the BPF
+devices, you can have the script change the owner to that user, the
+group to "admin", and the permissions to rw-r-----. Other possibilities
+are left as an exercise for the reader.