forked from osmocom/wireshark
dumpcap.c: Fix a typo.
INSTALL: Add entries for libcap. svn path=/trunk/; revision=24722
This commit is contained in:
parent
0a34df9b85
commit
ec74de5957
16
INSTALL
16
INSTALL
|
@ -142,10 +142,24 @@ README.win32 for those instructions.
|
|||
flag installs dumpcap with setuid root permissions, which lets any user
|
||||
on the system capture live traffic. If this is not desired, you can
|
||||
restrict dumpcap's permissions so that only a single user or group can
|
||||
run it.
|
||||
run it. This can be used in conjunction with --with-libcap described
|
||||
below.
|
||||
|
||||
Running Wireshark or TShark as root is not recommended.
|
||||
|
||||
--without-libcap
|
||||
By default, if 'configure' finds libcap (the POSIX capabilities
|
||||
library) dumpcap will be built so that if it is installed setuid
|
||||
root, it will attempt to retain CAP_NET_RAW and CAP_NET_ADMIN
|
||||
before dropping root privileges. Use this option to disable this
|
||||
behavior.
|
||||
|
||||
--with-libcap=DIR
|
||||
Use this option to tell 'configure' where libcap is installed,
|
||||
if it is installed in a non-standard location. Note that libcap
|
||||
(the POSIX capabilities library, sans "p") and libpcap (the
|
||||
packet capture library, avec "p") are two very different things.
|
||||
|
||||
--without-pcap
|
||||
If you choose to build a packet analyzer that can analyze
|
||||
capture files but cannot capture packets on its own, but you
|
||||
|
|
|
@ -489,7 +489,7 @@ print_caps(char *pfx _U_) {
|
|||
static void
|
||||
relinquish_privs_except_capture(void)
|
||||
{
|
||||
/* If 'started_with_special_privs' (ie: suid) then enable for
|
||||
/* If 'started_with_special_privs' (ie: suid) then enable for
|
||||
* ourself the NET_ADMIN and NET_RAW capabilities and then
|
||||
* drop our suid privileges.
|
||||
*
|
||||
|
@ -2401,7 +2401,7 @@ main(int argc, char *argv[])
|
|||
/* This behaviour will apparently be changed in the kernel */
|
||||
/* to allow the kill (signal) in this case. */
|
||||
/* See the following for details: */
|
||||
/* http://www.mail-archive.com/ [wrapped] */
|
||||
/* http://www.mail-archive.com/ [wrapped] */
|
||||
/* linux-security-module@vger.kernel.org/msg02913.html */
|
||||
/* */
|
||||
/* It is therefore conceivable that if dumpcap somehow hangs */
|
||||
|
@ -2419,7 +2419,7 @@ main(int argc, char *argv[])
|
|||
/* drop all capabilities (NET_RAW and NET_ADMIN) */
|
||||
/* */
|
||||
/* ToDo: -S (stats) should drop privileges/capabilities when no */
|
||||
/* onger required (similar to capture). */
|
||||
/* longer required (similar to capture). */
|
||||
/* */
|
||||
/* ----------------------------------------------------------------- */
|
||||
|
||||
|
|
Loading…
Reference in New Issue