-rw-r--r-- | INSTALL | 8 |
-rw-r--r-- | doc/README.packaging | 5 |
2 files changed, 11 insertions, 2 deletions
@@ -138,7 +138,13 @@ README.win32 for those instructions. use this switch. --enable-setuid-install - Use this switch to install dumpcap as setuid. + Wireshark and TShark rely on dumpcap for packet capture. Setting this + flag installs dumpcap with setuid root permissions, which lets any user + on the system capture live traffic. If this is not desired, you can + restrict dumpcap's permissions so that only a single user or group can + run it. + + Running Wireshark or TShark as root is not recommended. --without-pcap If you choose to build a packet analyzer that can analyze diff --git a/doc/README.packaging b/doc/README.packaging index 7b43e1da26..400b36e6cd 100644 --- a/doc/README.packaging +++ b/doc/README.packaging @@ -46,7 +46,10 @@ interfaces: "--enable-setuid-install" and "--with-libcap". Setting "--enable-setuid-install" to "yes" will install dumpcap setuid root. This is necessary for non-root users to be able to capture on most systems, e.g. on Linux or FreeBSD if the user doesn't have permissions -to access /dev/bpf*. It is disabled by default. +to access /dev/bpf*. It is disabled by default. Note that enabling this +allows packet capture for ALL users on your system. If this is not +desired, you should restrict dumpcap execution to a specific group or +user. If the "--with-libcap" option is enabled, dumpcap will try to drop any setuid privileges it may have while retaining the CAP_NET_ADMIN and |
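Review bot: In the INSTALL hunk, the added sentence "you can restrict dumpcap's permissions so that only a single user or group can run it" names no mechanism, so someone building from source is left to work out what to change. Suggest stating it in one line, for example that dumpcap is given to a dedicated capture group and execute permission for other users is removed, or pointing the reader to doc/README.packaging. The closing line "Running Wireshark or TShark as root is not recommended" would also be stronger with its reason attached, since the paragraph already explains that capture is delegated to dumpcap.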
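Review bot: In the doc/README.packaging hunk, "you should restrict dumpcap execution to a specific group or user" does not tell packagers where that restriction belongs (the packaged file's ownership and mode, or a post-install step), and the wording differs from INSTALL's "a single user or group". Suggest using one phrasing in both files and naming the step. Because the next paragraph covers "--with-libcap", one more sentence saying that dropping privileges inside dumpcap does not change who is allowed to execute it would keep the two options from being read as alternatives.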