http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2228
--- Comment #5 from Peter <pva@xxxxxxxxxx> 2008-03-20 19:29:46 GMT ---
(In reply to comment #4)
> Arun, Peter, & Bill, are each of you configuring Wireshark with or without
> POSIX capabilities (libcap)?
Yes, with libcap.
camobap ~ # readelf -d /usr/bin/dumpcap | grep NEEDED
0x00000001 (NEEDED) Shared library: [libwiretap.so.0]
0x00000001 (NEEDED) Shared library: [libglib-2.0.so.0]
0x00000001 (NEEDED) Shared library: [libpcap.so.0]
0x00000001 (NEEDED) Shared library: [libcap.so.2]
0x00000001 (NEEDED) Shared library: [libpthread.so.0]
0x00000001 (NEEDED) Shared library: [libc.so.6]
camobap ~ # ls -al /usr/bin/dumpcap
-r-sr-s--- 1 root wireshark 50880 Мар 19 01:10 /usr/bin/dumpcap
> If dumpcap is setuid and it's not linked with libcap, it may not be able to
> change its userid back to the calling user.
It definitely changes its userid:
camobap ~ # ps axu | grep [d]umpcap
pva 28428 0.0 0.0 3172 1008 pts/13 S+ Mar18 0:00
/usr/bin/dumpcap -i ath0 -Z none
> should be able to kill dumpcap (although even this may not be the case as
> discussed in the linux-security-module mailing list thread linked in my last
> comment).
And it seems that this is the issue. "setcap cap_kill=ep /usr/bin/wireshark" fixes
my issue. But I still need to understand this issue deeper to properly fix it
in Gentoo.