Wireshark-bugs: [Wireshark-bugs] [Bug 2327] Permission issue with non root directories < Child c
Date: Wed, 5 Mar 2008 00:18:09 +0000 (GMT)
http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2327


Gerald Combs <gerald@xxxxxxxxxxxxx> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |gerald@xxxxxxxxxxxxx
             Status|NEW                         |RESOLVED
         Resolution|                            |WONTFIX




--- Comment #3 from Gerald Combs <gerald@xxxxxxxxxxxxx>  2008-03-05 00:18:04 GMT ---
If the POSIX capabilities library is present on the system, dumpcap will link
with it by default and use it to drop everything except CAP_NET_ADMIN and
CAP_NET_RAW. If dumpcap is setuid root, and was started as a normal user, it
will then setuid back to that user. At this point dumpcap is running as a
normal user, but has capture privileges.  A side effect of this is that if
you're running as root, you can no longer write to non-root directories.

The recommended fix for this is to not run as root in the first place. :)
If you absolutely must run Wireshark as root under Linux, you can configure it
with --without-libcap to disable the capabilities behavior.


-- 
Configure bugmail: http://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.