]> The Tcpdump Group git mirrors - libpcap/commitdiff
Add a script to change the permissions of /dev/bpf*, and a launchd plist
authorguy <guy>
Wed, 28 May 2008 02:14:10 +0000 (02:14 +0000)
committerguy <guy>
Wed, 28 May 2008 02:14:10 +0000 (02:14 +0000)
for it, for Mac OS X 10.4 and later.  (The script could be useful for
BPF-based systems that don't use devfs as well.) We're not installing it
at this point; that might happen later.

Makefile.in
chmod_bpf [new file with mode: 0755]
org.tcpdump.chmod_bpf.plist [new file with mode: 0644]

index f944763bcb0acbc61959900c72e642e5e650a68d..c666e751d589cf59669f0d8a9d1628207fa752c2 100644 (file)
@@ -17,7 +17,7 @@
 #  WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
 #  MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
 #
-# @(#) $Header: /tcpdump/master/libpcap/Makefile.in,v 1.123 2008-05-27 07:17:04 guy Exp $ (LBL)
+# @(#) $Header: /tcpdump/master/libpcap/Makefile.in,v 1.124 2008-05-28 02:14:10 guy Exp $ (LBL)
 
 #
 # Various configurable paths (remember to edit Makefile.in, not Makefile)
@@ -199,6 +199,7 @@ EXTRA_DIST = \
        VERSION \
        aclocal.m4 \
        bpf/net/bpf_filter.c \
+       chmod_bpf \
        config.guess \
        config.h.in \
        config.sub \
@@ -239,6 +240,7 @@ EXTRA_DIST = \
        msdos/pktdrvr.h \
        msdos/readme.dos \
        net/bpf_filter.c \
+       org.tcpdump.chmod_bpf.plist \
        packaging/pcap.spec \
        packaging/pcap.spec.in \
        pcap-bpf.c \
diff --git a/chmod_bpf b/chmod_bpf
new file mode 100755 (executable)
index 0000000..0a30d99
--- /dev/null
+++ b/chmod_bpf
@@ -0,0 +1,19 @@
+#! /bin/sh
+
+#
+# Unfortunately, Mac OS X's devfs is based on the old FreeBSD
+# one, not the current one, so there's no way to configure it
+# to create BPF devices with particular owners or groups.
+# This startup item will make it owned by the admin group,
+# with permissions rw-rw----, so that anybody in the admin
+# group can use programs that capture or send raw packets.
+#
+# Change this as appropriate for your site, e.g. to make
+# it owned by a particular user without changing the permissions,
+# so only that user and the super-user can capture or send raw
+# packets, or give it the permissions rw-r-----, so that
+# only the super-user can send raw packets but anybody in the
+# admin group can capture packets.
+#
+chgrp admin /dev/bpf*
+chmod g+rw /dev/bpf*
diff --git a/org.tcpdump.chmod_bpf.plist b/org.tcpdump.chmod_bpf.plist
new file mode 100644 (file)
index 0000000..cfe486d
--- /dev/null
@@ -0,0 +1,16 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+<dict>
+       <key>Label</key>
+       <string>org.tcpdump.chmod_bpf</string>
+       <key>OnDemand</key>
+       <false/>
+       <key>Program</key>
+       <string>/usr/local/bin/chmod_bpf</string>
+       <key>ProgramArguments</key>
+       <array>
+               <string>/usr/local/bin/chmod_bpf</string>
+       </array>
+</dict>
+</plist>