Wireshark-bugs: [Wireshark-bugs] [Bug 7672] dumpcap gives up write privileges too early
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7672
Michael Tüxen <tuexen@xxxxxxxxxxxxx> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |tuexen@xxxxxxxxxxxxx
--- Comment #3 from Michael Tüxen <tuexen@xxxxxxxxxxxxx> 2012-09-03 02:32:19 PDT ---
(In reply to comment #2)
> (In reply to comment #1)
> > The normal case, where dumpcap is run by a normal user (and because of this
> > either users captabilities or suid) is correct and gets broken by your patch.
> > Please let me know if I read this incorrectly.
>
> How exactly does it get broken? In the end, the wireshark process gives up all
> its privileges, just a bit later than before.
>
> The only difference I can think of is "sudo tshark -w /root/test.pcap". Current
> wireshark refuses to write to /root, because it gives up its write privileges.
> With my patch, the command succeeds. I think the later behavior is better, it's
> expected that commands under sudo can write anywhere.
Hmm. I haven't looked at the code, but if you are proposing to give up
privileges
after opening files, wouldn't that mean that it runs with privileges a long
time in
case of ring buffers are used? And I really don't like that....
Best regards
Michael
--
Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching all bug changes.