Wireshark-bugs: [Wireshark-bugs] [Bug 7672] dumpcap gives up write privileges too early
Date: Mon, 3 Sep 2012 06:15:19 -0700 (PDT)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7672

--- Comment #6 from Jan Šafránek <jsafrane@xxxxxxxxxx> 2012-09-03 06:15:19 PDT ---
(In reply to comment #5)
> (In reply to comment #4)
> > The sequence in capture_loop_start() is:
> > capture_loop_open_input()
> > capture_loop_init_filter()
> > capture_loop_open_output()
> > 
> > So there will be just capture_loop_init_filter() called with still elevated
> > privileges. I might change the sequence of course to open_output() first and
> > init_filter() after that if you think it's safer.
> 
> I'm more concerned about the case where you use ring buffers. This means that
> ringbuf_switch_file() gets called after some amount of time or packets and
> creates
> new files.
> 
> If I'm not missing anything, you can't give up the privileges in this case at
> all. Or
> am I wrong?

Dunno, I haven't tested this. But it is already broken, my patch only fixes
certain use cases.

It seems to me that better design is needed here.

-- 
Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching all bug changes.