http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2228
--- Comment #10 from Bill Meier <wmeier@xxxxxxxxxxx> 2008-03-21 02:48:09 GMT ---
Ok: After some research and testing into stuff rather new to me I think this is
what is happening:
Summary
-------
On my Fedora 8 ("out of the box") system, if a process has *any*
special capabilities, then an attempt to kill (signal)
that process from another process w/o privileges will fail
(whether or not the ruid and rgid of each of the two processes
is the same).
I would guess that this is what is being discussed
on the linux-security-module list.
Details
-------
On my Fedora 8 system:
1. suid ping relinquishes privileges in what I now understand to be the
standard way (after taking the action which requires privilege):
<privileged action>
/* drop privileges */
ruid=getuid(); /* gets real uid */
setuid(ruid); /* sets both real and effective uid */
When this is done on a system with process capabilities, the effect is
that the suid clears all the capability sets of the process.
Thus: kill(signal) from another process with same ruid and rgid will work.
2. The current suid dumpcap does two things before "relinquishing
(most) privileges"
prctl(PR_SET_KEEPCAPS, TRUE, ...);
<enable the CAP_NET_ADMIN & CAP_NET_RAW capabilities>
...
setuid(ruid);
Net result: the process euid and egid are "normal" but the process has
certain special privileges.
At this point, a kill (signal) from another unprivileged process
(whether with the same euid & egid or not) is "not allowed".
I don't have any real suggestions at this point....
(I suppose one could give Wireshark the CAP_KILL capability, but this
seems rather tricky/messy, especially for systems without capset).
---------
Also: When using suid dumpcap with libcap
I should note that I've now noticed that an attempt to close wireshark
by clicking on the upper right 'x' in the window ends up causing a
loop wherein wireshark continually tries to send a SIGTERM to dumpcap
every second or so.
Clicking the upper right x a few more times finally causes
wireshark to exit.
I've committed a small change to capture_sync.c to emit a message
to the log if sending a signal to the child fails.
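The two privilege-drop sequences above, worked through as an added illustration (not Wireshark's code and not the kernel's): a simplified model of the signal-permission behaviour the comment describes, with capability sets as bitmasks and uid 500 and the process names as constructed values.

```c
/* Added illustration, not Wireshark or kernel code: a simplified model of the
 * signal-permission behaviour the comment describes. Capability sets are
 * bitmasks; uid 500 and the process names are constructed. */
#include <stdint.h>
#include <stdio.h>
#include <sys/types.h>

/* Bit positions follow CAP_KILL (5), CAP_NET_ADMIN (12), CAP_NET_RAW (13). */
#define CAP_KILL_BIT      (UINT32_C(1) << 5)
#define CAP_NET_ADMIN_BIT (UINT32_C(1) << 12)
#define CAP_NET_RAW_BIT   (UINT32_C(1) << 13)

struct proc_model {
    uid_t    ruid, euid, suid;  /* real, effective, saved uid */
    uint32_t cap_permitted;     /* permitted capability set */
};
/* Classic uid rule: sender's real or effective uid must match the target's
 * real or saved uid. */
static int uid_rule_ok(const struct proc_model *s, const struct proc_model *t)
{
    return s->euid == t->suid || s->euid == t->ruid ||
           s->ruid == t->suid || s->ruid == t->ruid;
}
/* Capability rule as observed in the comment: a target holding a capability
 * the sender lacks can only be signalled by a CAP_KILL holder. */
static int cap_rule_ok(const struct proc_model *s, const struct proc_model *t)
{
    if ((t->cap_permitted & ~s->cap_permitted) == 0)
        return 1;
    return (s->cap_permitted & CAP_KILL_BIT) != 0;
}
int kill_allowed(const struct proc_model *s, const struct proc_model *t)
{
    return uid_rule_ok(s, t) && cap_rule_ok(s, t);
}
/* Unprivileged sender (the GUI) as uid 500, and the same sender given CAP_KILL. */
static const struct proc_model sender         = { 500, 500, 500, 0 };
static const struct proc_model sender_capkill = { 500, 500, 500, CAP_KILL_BIT };
/* 1. suid ping after setuid(getuid()): uids reset, capability sets cleared. */
static const struct proc_model ping    = { 500, 500, 500, 0 };
/* 2. suid dumpcap after PR_SET_KEEPCAPS + setuid(ruid): CAP_NET_* kept. */
static const struct proc_model dumpcap = { 500, 500, 500, CAP_NET_ADMIN_BIT | CAP_NET_RAW_BIT };
int ping_case(void)            { return kill_allowed(&sender, &ping); }            /* 1 */
int dumpcap_case(void)         { return kill_allowed(&sender, &dumpcap); }         /* 0 */
int dumpcap_capkill_case(void) { return kill_allowed(&sender_capkill, &dumpcap); } /* 1 */
int main(void)
{
    printf("ping=%d dumpcap=%d dumpcap+CAP_KILL=%d\n", ping_case(), dumpcap_case(), dumpcap_capkill_case());
    return 0;
}
```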