Wireshark-bugs: [Wireshark-bugs] [Bug 2288] Selecting multiple files with any options creates an
Date: Fri, 22 Feb 2008 22:33:53 +0000 (GMT)
http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2288

--- Comment #7 from Bill Meier <wmeier@xxxxxxxxxxx>  2008-02-22 22:33:50 GMT ---
[I now understand things are a bit more complicated than I first thought :)  ]

Results of further analysis: 

1. The problem as originally reported exists and can be seen by starting a
wireshark capture to a file in a directory for which the user does not have
write permission.

The popup window says only: "Child capture process exited: exit status 2"

Stderr shows:
16:34:47          Warn Unknown message from dumpcap, try to show it as a
string: Error testing whether capture file is a pipe: Permission denied"

(Would a user always see the stderr output someplace ??).

2. The essence of the problem: When dumpcap runs in child mode (-Z), any
messages output by dumpcap to stderr which are not in the special
<strlen><string> format will cause wireshark to dump the message to the log
(g_warning) and not process the message (i.e., show it in a warning pop-up).

(2a: For tshark the situation is worse: any non-specially-formatted error
messages output by dumpcap to stderr will not appear at all since tshark is
suppressing the g_warning messages caused by the 'invalid messages'. Note that
'write file permissions' issues do not cause a problem in tshark since the file
permissions checking is apparently still done in tshark).

3. Looking at dumpcap: there are a number of messages output directly to stderr
including those from errors while processing the command-line arguments. Many
"should not happen" but there are a few (as above) which *can* happen during
normal use of dumpcap by wireshark & tshark. In some cases these messages are
output before dumpcap has even determined if it is running as a child such that
(for the current code) it is too early to even determine if the 'special
format' messages are required.

4. So: what's a fix ??

   I've not really worked on the "privilege separation" effort so I don't
   really understand the details of this code;
   however, a solution might be as follows:

a. Determine immediately upon dumpcap start-up whether dumpcap is running as a
child. How to do this ? pre-parse the cmd-line args ? isapipe somehow ?

b. All dumpcap stderr messages (whether perror() or cmdarg_err() or ...
   must then use the special format if dumpcap is running as a child.

5. The above seems a bit messy; 
   Is there another approach ? A separate channel for the "special" messages ?

Would a quick and dirty fix be to put the "trying to show text ..." text in the
pop-up when an 'invalid message' is received ?

============

On a separate note: I propose that tshark should at least:
Determine the default log levels for which to do output based upon the prefs
(the same way as is done in wireshark).

Since the default g-log levels include "warning" tshark will output at least 
*something* when dumpcap outputs a "non-specially-formatted" message when
running as a tshark child.

Is there any reason that tshark currently doesn't have warning messages
enabled?

Thoughts ? Comments ?


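The failure mode discussed in points 2 and 4 above, as an added sketch that is not part of the original comment and is not Wireshark's code: a child-side framer and a parent-side reader that keeps unframed stderr text for display instead of discarding it. The 4-byte big-endian length prefix, `MAX_MSG`, and the names `frame_msg` and `read_child_msg` are assumptions; the comment describes the format only as `<strlen><string>`.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define MAX_MSG 4096 /* assumed upper bound on one framed message */

enum msg_kind { MSG_FRAMED, MSG_RAW };

/* Child side (hypothetical): write <strlen><string> into dst.
 * Returns bytes written, or 0 if the text is empty or does not fit. */
size_t frame_msg(const char *text, unsigned char *dst, size_t dstsz)
{
    size_t n = strlen(text);
    if (n == 0 || n > MAX_MSG || dstsz < n + 4)
        return 0;
    dst[0] = (unsigned char)(n >> 24);
    dst[1] = (unsigned char)(n >> 16);
    dst[2] = (unsigned char)(n >> 8);
    dst[3] = (unsigned char)n;
    memcpy(dst + 4, text, n);
    return n + 4;
}

/* Parent side (hypothetical): read one message from the child's stderr bytes.
 * A declared length that is zero, over MAX_MSG, or longer than the data
 * marks the input as unframed; one line of it is then kept as raw text so
 * the caller can still show it. Text starting with a printable ASCII byte
 * decodes to a length far above MAX_MSG, so it always takes the raw path. */
enum msg_kind read_child_msg(const unsigned char *buf, size_t len,
                             char *out, size_t outsz, size_t *consumed)
{
    size_t n = 0;
    *consumed = 0;
    if (outsz == 0)
        return MSG_RAW;
    if (len >= 4) {
        uint32_t dl = ((uint32_t)buf[0] << 24) | ((uint32_t)buf[1] << 16) |
                      ((uint32_t)buf[2] << 8) | (uint32_t)buf[3];
        if (dl > 0 && dl <= MAX_MSG && dl <= len - 4 && dl < outsz) {
            memcpy(out, buf + 4, dl);
            out[dl] = '\0';
            *consumed = (size_t)dl + 4;
            return MSG_FRAMED;
        }
    }
    while (n < len && n + 1 < outsz && buf[n] != '\n') { /* bounded copy */
        out[n] = (char)buf[n];
        n++;
    }
    out[n] = '\0';
    *consumed = (n < len && buf[n] == '\n') ? n + 1 : n;
    return MSG_RAW;
}
```

A caller would route `MSG_RAW` text to the same pop-up or console path as framed errors, which is the "quick and dirty" option raised in point 5.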