http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2288
--- Comment #7 from Bill Meier <wmeier@xxxxxxxxxxx> 2008-02-22 22:33:50 GMT ---
[I now understand things are a bit more complicated than I first thought :) ]
Results of further analysis:
1. The problem as originally reported exists and can be seen by starting a
wireshark capture to a file in a directory for which the user does not have
write permission.
The popup window says only: "Child capture process exited: exit status 2"
Stderr shows:
16:34:47 Warn Unknown message from dumpcap, try to show it as a
string: Error testing whether capture file is a pipe: Permission denied"
(Would a user always see the stderr output someplace ??).
2. The essence of the problem: When dumpcap runs in child mode (-Z), any
messages output by dumpcap to stderr which are not in the special
<strlen><string> format will cause wireshark to dump the message to the log
(g_warning) and not process the message (i.e., show it in a warning pop-up).
(2a: For tshark the situation is worse: any non-specially-formatted error
messages output by dumpcap to stderr will not appear at all since tshark is
suppressing the g_warning messages caused by the 'invalid messages'. Note that
'write file permissions' issues do not cause a problem in tshark since the file
permissions checking is apparently still done in tshark).
3. Looking at dumpcap: there are a number of messages output directly to stderr
including those from errors while processing the command-line arguments. Many
"should not happen" but there are a few (as above) which *can* happen during
normal use of dumpcap by wireshark & tshark. In some cases these messages are
output before dumpcap has even determined if it is running as a child such that
(for the current code) it is too early to even determine if the 'special
format' messages are required.
4. So: what's a fix ??
I've not really worked on the "privilege separation" effort so I don't
really understand the details of this code; however, a solution might be as
follows:
a. Determine immediately upon dumpcap start-up whether dumpcap is running as a
child. How to do this ? pre-parse the cmd-line args ? isapipe somehow ?
b. All dumpcap stderr messages (whether perror() or cmdarg_err() or ...)
must then use the special format if dumpcap is running as a child.
5. The above seems a bit messy;
Is there another approach ? A separate channel for the "special" messages ?
Would a quick and dirty fix be to put the "trying to show text ..." text in the
pop-up when an 'invalid message' is received ?
============
On a separate note: I propose that tshark should at least:
Determine the default log levels for which to do output based upon the prefs
(the same way as is done in wireshark).
Since the default g-log levels include "warning" tshark will output at least
*something* when dumpcap outputs a "non-specially-formatted" message when
running as a tshark child.
Is there any reason that tshark currently doesn't have warning messages
enabled?
Thoughts ? Comments ?
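The framing problem from points 2, 4b and 5 of the comment above, as an added example that is not code from Wireshark or from this bug report. It assumes a constructed frame layout (type byte `E`, 3-byte big-endian length, 4096-byte limit) and two hypothetical helpers, `emit_error` and `read_message`; the parent keeps unframed text for display instead of discarding it.

```c
#include <stddef.h>
#include <string.h>

/* Constructed framing, for illustration only (not Wireshark's wire format):
 * one type byte 'E', a 3-byte big-endian length, then the message text. */
#define HDR_LEN 4
#define MAX_MSG_LEN 4096
enum msg_kind { MSG_FRAMED, MSG_UNFRAMED, MSG_INCOMPLETE };

/* Child side (hypothetical helper): every error passes through one function,
 * so nothing reaches the pipe unframed once child mode is known.
 * Returns the number of bytes written to out, or 0 if it does not fit. */
size_t emit_error(int child_mode, const char *text, unsigned char *out, size_t cap)
{
    size_t len = strlen(text);
    size_t hdr = child_mode ? HDR_LEN : 0;
    if (len > MAX_MSG_LEN || len + hdr > cap) return 0;
    if (child_mode) {
        out[0] = 'E';
        out[1] = (unsigned char)(len >> 16);
        out[2] = (unsigned char)(len >> 8);
        out[3] = (unsigned char)len;
    }
    memcpy(out + hdr, text, len);
    return len + hdr;
}

/* Parent side (hypothetical helper): classify the bytes read from the child.
 * Anything that is not a valid frame is handed back as raw text instead of
 * being dropped, so the caller can still put it in front of the user. */
enum msg_kind read_message(const unsigned char *buf, size_t n,
                           const unsigned char **text, size_t *text_len)
{
    if (n == 0) return MSG_INCOMPLETE;
    if (buf[0] == 'E') {
        if (n < HDR_LEN) return MSG_INCOMPLETE;
        size_t len = ((size_t)buf[1] << 16) | ((size_t)buf[2] << 8) | buf[3];
        if (len <= MAX_MSG_LEN) {   /* plausible header: wait for the full body */
            if (n < HDR_LEN + len) return MSG_INCOMPLETE;
            *text = buf + HDR_LEN;
            *text_len = len;
            return MSG_FRAMED;
        }   /* else: printable text that merely starts with 'E' */
    }
    *text = buf;
    *text_len = n;
    return MSG_UNFRAMED;
}
```

The length limit is what separates the raw "Error testing ..." text, which happens to begin with the type byte, from a real frame: its next three bytes decode to a length far above the limit.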