Wireshark-bugs: [Wireshark-bugs] [Bug 7672] dumpcap gives up write privileges too early
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7672
--- Comment #6 from Jan Šafránek <jsafrane@xxxxxxxxxx> 2012-09-03 06:15:19 PDT ---
(In reply to comment #5)
> (In reply to comment #4)
> > The sequence in capture_loop_start() is:
> > capture_loop_open_input()
> > capture_loop_init_filter()
> > capture_loop_open_output()
> >
> > So there will be just capture_loop_init_filter() called with still elevated
> > privileges. I might change the sequence of course to open_output() first and
> > init_filter() after that if you think it's safer.
>
> I'm more concerned about the case where you use ring buffers. This means that
> ringbuf_switch_file() gets called after some amount of time or packets and
> creates
> new files.
>
> If I'm not missing anything, you can't give up the privileges in this case at
> all. Or
> am I wrong?
Dunno, I haven't tested this. But it is already broken, my patch only fixes
certain use cases.
It seems to me that better design is needed here.
--
Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching all bug changes.