http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2228
--- Comment #7 from Bill Meier <wmeier@xxxxxxxxxxx> 2008-03-20 20:19:51 GMT ---
> Arun, Peter, & Bill, are each of you configuring Wireshark with or without
> POSIX capabilities (libcap)?
> If dumpcap is setuid and it's not linked with libcap, it may not be able to
> change its userid back to the calling user.
Yes: I'm linking with libcap and yes the setting of the userid is working
OK.
> should be able to kill dumpcap (although even this may not be the case as
> discussed in the linux-security-module mailing list thread linked in my last
> comment).
In my case Wireshark is unable to kill dumpcap as discussed on the
linux=security-module list.
I'm running Linux 2.6.24.3-34.fc8
Unfortunately The "setcap" command & etc doesn't seem to be available on my
out-of-the-box fc8. (File associated capabilities not part of Fedora 8 kernel?)
FWIW: The definition of CAP_KILL seems to indicate that a process with
this capability can kill *any* process.
From /usr/include/sys/capability.h
/* Overrides the restriction that the real or effective user ID of a
process sending a signal must match the real or effective user ID
of the process receiving the signal. */
--
Configure bugmail: http://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
