Wireshark-bugs: [Wireshark-bugs] [Bug 2228] Stop capture doesn't work
Date: Thu, 20 Mar 2008 18:45:15 +0000 (GMT)
http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2228


Bugzilla administrator <bugzilla-admin@xxxxxxxxxxxxx> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |bugzilla-admin@xxxxxxxxxxxxx




--- Comment #4 from Bugzilla administrator <bugzilla-admin@xxxxxxxxxxxxx>  2008-03-20 18:45:12 GMT ---
Arun, Peter, & Bill, are each of you configuring Wireshark with or without
POSIX capabilities (libcap)?

If dumpcap is setuid and it's not linked with libcap, it may not be able to
change its userid back to the calling user. For example, when you open the
"Interfaces" dialog in Wireshark, dumpcap opens and closes each interface each
time statistics are gathered, and needs to remain root in order to do so. You
may or may not be able to kill dumpcap in this case depending on the policies
present in your kernel.

If dumpcap is setuid and linked with libcap, it should always change its userid
back to the calling user once it has grabbed CAP_NET_RAW and CAP_NET_ADMIN. You
should be able to kill dumpcap (although even this may not be the case as
discussed in the linux-security-module mailing list thread linked in my last
comment).

FWIW, Ubuntu 7.10 doesn't seem to care either way - I can kill dumpcap no
matter what.


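An added example, not part of the original comment or of Wireshark's code: a Python check that reads the `Uid` and `CapEff` lines of a `/proc/<pid>/status` dump and reports which of the two states described in comment #4 a dumpcap process is in. The function names and the sample status texts are constructed for illustration; the capability bit numbers are those in `linux/capability.h`.

```python
"""Classify a process's privilege state from /proc/<pid>/status text."""
import sys

# Capability bit numbers from linux/capability.h
CAP_NET_ADMIN = 12
CAP_NET_RAW = 13
CAPTURE_CAPS = (1 << CAP_NET_ADMIN) | (1 << CAP_NET_RAW)

# Constructed samples: setuid-root dumpcap that stayed root (no libcap) ...
SAMPLE_STAYED_ROOT = "Name:\tdumpcap\nUid:\t1000\t0\t0\t0\nCapEff:\t000001ffffffffff\n"
# ... and one that switched back to the caller, keeping only the two capture caps.
SAMPLE_DROPPED = "Name:\tdumpcap\nUid:\t1000\t1000\t1000\t1000\nCapEff:\t0000000000003000\n"
# An ordinary unprivileged process for comparison.
SAMPLE_PLAIN = "Name:\tdumpcap\nUid:\t1000\t1000\t1000\t1000\nCapEff:\t0000000000000000\n"


def parse_status(text):
    """Return (real uid, effective uid, saved uid, CapEff mask)."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            fields[key.strip()] = value.split()
    ruid, euid, suid = (int(v) for v in fields["Uid"][:3])
    return ruid, euid, suid, int(fields["CapEff"][0], 16)


def classify(text):
    """Map a status dump to one of four privilege states."""
    _ruid, euid, suid, cap_eff = parse_status(text)
    if euid == 0:
        return "still-root"            # never changed userid back to the caller
    if suid == 0:
        return "can-regain-root"       # effective uid dropped, saved uid is still 0
    if (cap_eff & CAPTURE_CAPS) == CAPTURE_CAPS:
        return "dropped-with-caps"     # caller's uid plus CAP_NET_RAW and CAP_NET_ADMIN
    return "unprivileged"


if __name__ == "__main__":
    # With a PID argument, inspect a live process; otherwise show the samples.
    if len(sys.argv) > 1:
        with open(f"/proc/{sys.argv[1]}/status") as fh:
            print(classify(fh.read()))
    else:
        for sample in (SAMPLE_STAYED_ROOT, SAMPLE_DROPPED, SAMPLE_PLAIN):
            print(classify(sample))
```

Run it with the PID of a running dumpcap while the "Interfaces" dialog is open to see which state that build ends up in.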