dumpcap.c: Fix a typo.

INSTALL: Add entries for libcap. svn path=/trunk/; revision=24722
2008-03-24 16:22:30 +00:00 · 2008-03-24 16:22:30 +00:00 · ec74de5957
parent 0a34df9b85
commit ec74de5957
2 changed files with 18 additions and 4 deletions
--- a/16
+++ b/16
@ -142,10 +142,24 @@ README.win32 for those instructions.
        flag installs dumpcap with setuid root permissions, which lets any user
        on the system capture live traffic. If this is not desired, you can
        restrict dumpcap's permissions so that only a single user or group can
-        run it.
+        run it. This can be used in conjunction with --with-libcap described
+        below.

        Running Wireshark or TShark as root is not recommended.

+    --without-libcap
+        By default, if 'configure' finds libcap (the POSIX capabilities
+        library) dumpcap will be built so that if it is installed setuid
+        root, it will attempt to retain CAP_NET_RAW and CAP_NET_ADMIN
+        before dropping root privileges. Use this option to disable this
+        behavior.
+
+    --with-libcap=DIR
+        Use this option to tell 'configure' where libcap is installed,
+        if it is installed in a non-standard location. Note that libcap
+        (the POSIX capabilities library, sans "p") and libpcap (the
+        packet capture library, avec "p") are two very different things.
+
    --without-pcap
        If you choose to build a packet analyzer that can analyze
        capture files but cannot capture packets on its own, but you
--- a/dumpcap.c
+++ b/dumpcap.c
@ -489,7 +489,7 @@ print_caps(char *pfx _U_) {
 static void
 relinquish_privs_except_capture(void)
 {
-    /* If 'started_with_special_privs' (ie: suid) then enable for 
+    /* If 'started_with_special_privs' (ie: suid) then enable for
     *  ourself the  NET_ADMIN and NET_RAW capabilities and then
     *  drop our suid privileges.
     *
@ -2401,7 +2401,7 @@ main(int argc, char *argv[])
  /*        This behaviour will apparently be changed in the kernel    */
  /*        to allow the kill (signal) in this case.                   */
  /*        See the following for details:                             */
-  /*           http://www.mail-archive.com/  [wrapped]                 */ 
+  /*           http://www.mail-archive.com/  [wrapped]                 */
  /*             linux-security-module@vger.kernel.org/msg02913.html   */
  /*                                                                   */
  /*        It is therefore conceivable that if dumpcap somehow hangs  */
@ -2419,7 +2419,7 @@ main(int argc, char *argv[])
  /*         drop all capabilities (NET_RAW and NET_ADMIN)             */
  /*                                                                   */
  /* ToDo: -S (stats) should drop privileges/capabilities when no      */
-  /*       onger required (similar to capture).                        */
+  /*       longer required (similar to capture).                        */
  /*                                                                   */
  /* ----------------------------------------------------------------- */