Wireshark-bugs: [Wireshark-bugs] [Bug 7672] dumpcap gives up write privileges too early

Date: Mon, 3 Sep 2012 02:32:20 -0700 (PDT)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7672

Michael Tüxen <tuexen@xxxxxxxxxxxxx> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |tuexen@xxxxxxxxxxxxx

--- Comment #3 from Michael Tüxen <tuexen@xxxxxxxxxxxxx> 2012-09-03 02:32:19 PDT ---
(In reply to comment #2)
> (In reply to comment #1)
> > The normal case, where dumpcap is run by a normal user (and because of this
> > either users captabilities or suid) is correct and gets broken by your patch.
> > Please let me know if I read this incorrectly.
> 
> How exactly does it get broken? In the end, the wireshark process gives up all
> its privileges, just a bit later than before.
> 
> The only difference I can think of is "sudo tshark -w /root/test.pcap". Current
> wireshark refuses to write to /root, because it gives up its write privileges.
> With my patch, the command succeeds. I think the later behavior is better, it's
> expected that commands under sudo can write anywhere.

Hmm. I haven't looked at the code, but if you are proposing to give up
privileges
after opening files, wouldn't that mean that it runs with privileges a long
time in
case of ring buffers are used? And I really don't like that....

Best regards
Michael

-- 
Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching all bug changes.