Wireshark-bugs: [Wireshark-bugs] [Bug 7672] New: dumpcap gives up write privileges too early
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7672
Summary: dumpcap gives up write privileges too early
Product: Wireshark
Version: 1.8.2
Platform: x86
OS/Version: Fedora
Status: NEW
Severity: Major
Priority: Medium
Component: TShark
AssignedTo: bugzilla-admin@xxxxxxxxxxxxx
ReportedBy: jsafrane@xxxxxxxxxx
Jan Šafránek <jsafrane@xxxxxxxxxx> changed:
What |Removed |Added
----------------------------------------------------------------------------
Attachment #9011| |review_for_checkin?
Flags| |
Created attachment 9011
--> https://bugs.wireshark.org/bugzilla/attachment.cgi?id=9011
proposed patch
Build Information:
TShark 1.8.2 (SVN Rev Unknown from unknown)
Copyright 1998-2012 Gerald Combs <gerald@xxxxxxxxxxxxx> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
Compiled (64-bit) with GLib 2.32.4, with libpcap, with libz 1.2.5, with POSIX
capabilities (Linux), with SMI 0.4.8, with c-ares 1.7.5, with Lua 5.1, with
Python 2.7.3, with GnuTLS 2.12.17, with Gcrypt 1.5.0, with MIT Kerberos, with
GeoIP.
Running on Linux 3.5.2-1.fc17.x86_64, with locale en_US.UTF-8, with libpcap
version 1.2.1, with libz 1.2.5.
Built using gcc 4.7.0 20120507 (Red Hat 4.7.0-5).
--
On Fedora, we use NET_RAW and NET_ADMIN capabilities of /usr/sbin/dumpcap. When
root starts tshark -w file.pcap, dumpcap is forked and it relinquishes all it's
privileges *before* it opens file.pcap.
I.e. even though tshark/dumpcap was started by root, it cannot write its output
to read-only directories. This is something that root users don't expect.
There is a comment in dumpcap.c:main():
/* 3. Running logged in as root (euid=0; ruid=0). Using libcap. */
/* Action: */
/* - Near start of program: Enable NET_RAW and NET_ADMIN */
/* capabilities; Drop all other capabilities; */
/* - If not -w (ie: doing -S or -D, etc) run to completion; */
/* else: after pcap_open_live() in capture_loop_open_input() */
/* drop all capabilities (NET_RAW and NET_ADMIN); */
/* (Note: this means that the process, although logged in */
/* as root, does not have various permissions such as the */
/* ability to bypass file access permissions). */
/* XXX: Should we just leave capabilities alone in this case */
/* so that user gets expected effect that root can do */
/* anything ?? */
XXX has good point here. Attached patch moves the capabilities manipulation
after the output file was opened.
--
Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching all bug changes.