Wireshark-dev: Re: [Wireshark-dev] CapturePrivileges not working

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: Roland Knall <rknall@xxxxxxxxx>
Date: Mon, 13 Oct 2014 11:07:43 +0200
Hi

No, it's a cmake out-of-tree build. There simply does not seem to be a way to set dumpcap correctly. Fun part is, that even dumpcap is set suid, it still does not bring any output run by my user with "dumpcap -D". Only "sudo dumpcap -D" lists any interfaces. With ldd the only library used is wsutil (which should not be an issue), and there are no residual .lib/lt-* files lying around. But I have also built it now with autotools (just to ensure that it is not a cmake-related issue), and still it does not work:

$ getcap dumpcap .libs/lt-dumpcap 
dumpcap = cap_net_admin,cap_net_raw+eip
.libs/lt-dumpcap = cap_net_admin,cap_net_raw+eip
$ ls -l dumpcap .libs/lt-dumpcap 
-rwxr-xr-x 1 knallr knallr   9120 Okt 13 11:02 dumpcap
-rwxr-xr-x 1 knallr knallr 279816 Okt 13 11:03 .libs/lt-dumpcap
$ ./dumpcap -D
dumpcap: There are no interfaces on which a capture can be done


Wireshark is the latest git btw.


So I am back at assuming it has something to do with my system. Uname output is: 

Linux ategge1877 3.13.0-24-generic #47-Ubuntu SMP Fri May 2 23:30:00 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux

And it is the libpcap0.8 package directly out of the repository. As I am working with extcap filters atm, it does not bother me that much, but I sure want to know, why it is not working.

regards
Roland


On Mon, Oct 13, 2014 at 10:07 AM, Jeff Morriss <jeff.morriss.ws@xxxxxxxxx> wrote:
What build system are you using?

If autofoo then remember dumpcap is actually a libtool shell script and Linux doesn't support setuid (and I'd guess also setcap) shell scripts. You'd need to put the permissions  on .libs/lt-dumpcap or whatever it is. 


On Monday, October 13, 2014, Roland Knall <rknall@xxxxxxxxx> wrote:
Hi

This might be a question for -users, but t seems, that the explanation on http://wiki.wireshark.org/CaptureSetup/CapturePrivileges does not seem to work anymore in Linux (running Mint 17, based on Ubuntu 14.04 LTS). 

I have set the dumpcap utility as defined the wiki-page, not using a group, and it does not work anymore, but has worked before.

Does anyone have an idea, what might have changed? The capabilities are indeed set. chmod 4750 does not work either. The only thing that seems to work is starting Wireshark as root. 

It works if I use wireshark from the original packages, but not if I run it from the build-directory.

regards,
Roland

___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev@xxxxxxxxxxxxx>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request@xxxxxxxxxxxxx?subject=unsubscribe