forked from osmocom/wireshark
Expand the setuid text a bit.
svn path=/trunk/; revision=24485
This commit is contained in:
Gerald Combs
parent
a2b19b3603
commit
b202480fd8
8
INSTALL
8
INSTALL
|
|
@ -138,7 +138,13 @@ README.win32 for those instructions.
|
|||
use this switch.
|
||||
|
||||
--enable-setuid-install
|
||||
Use this switch to install dumpcap as setuid.
|
||||
Wireshark and TShark rely on dumpcap for packet capture. Setting this
|
||||
flag installs dumpcap with setuid root permissions, which lets any user
|
||||
on the system capture live traffic. If this is not desired, you can
|
||||
restrict dumpcap's permissions so that only a single user or group can
|
||||
run it.
|
||||
|
||||
Running Wireshark or TShark as root is not recommended.
|
||||
|
||||
--without-pcap
|
||||
If you choose to build a packet analyzer that can analyze
|
||||
|
|
|
|||
|
|
@ -46,7 +46,10 @@ interfaces: "--enable-setuid-install" and "--with-libcap". Setting
|
|||
"--enable-setuid-install" to "yes" will install dumpcap setuid root.
|
||||
This is necessary for non-root users to be able to capture on most
|
||||
systems, e.g. on Linux or FreeBSD if the user doesn't have permissions
|
||||
to access /dev/bpf*. It is disabled by default.
|
||||
to access /dev/bpf*. It is disabled by default. Note that enabling this
|
||||
allows packet capture for ALL users on your system. If this is not
|
||||
desired, you should restrict dumpcap execution to a specific group or
|
||||
user.
|
||||
|
||||
If the "--with-libcap" option is enabled, dumpcap will try to drop any
|
||||
setuid privileges it may have while retaining the CAP_NET_ADMIN and
|
||||
|
|
|
|||
Loading…
Reference in New Issue