[Wireshark-bugs] [Bug 3523] Inconsistent results of started_with_special_privs(), potential security hole
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=3523

--- Comment #6 from Gerald Combs ---
(In reply to Christopher Maynard from comment #5)
> (In reply to Gerald Combs from comment #3)
> > The "Privileges" section of doc/README.packaging suggests running dumpcap
> > setuid root and optionally restricting it to a specific user or group.
> > Should this be changed?
>
> With master, there is no more doc/README.packaging file. I don't know why
> it was removed.

It was moved to the "Packaging" chapter in the Developer's Guide:

https://www.wireshark.org/docs/wsdg_html_chunked/ChSrcBinary.html

The git-log documentation seems to go out of its way to avoid saying so, but can show the log for deleted files using `git log -- ...`, e.g. `git log -- doc/README.packaging`.

--
You are receiving this mail because:
You are watching all bug changes.
You are the assignee for the bug.
___
Sent via: Wireshark-bugs mailing list
Archives: https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
             mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe

[Wireshark-bugs] [Bug 3523] Inconsistent results of started_with_special_privs(), potential security hole
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=3523

Christopher Maynard changed:

      What |Removed |Added
 ----------+--------+--------
 Component |GTK+ UI |Dumpcap

--- Comment #5 from Christopher Maynard ---
(In reply to Gerald Combs from comment #3)
> The "Privileges" section of doc/README.packaging suggests running dumpcap
> setuid root and optionally restricting it to a specific user or group.
> Should this be changed?

With master, there is no more doc/README.packaging file. I don't know why it was removed.

(In reply to Christopher Maynard from comment #4)
> Is this bug still relevant then with the Qt UI, or can it be closed?

Regardless of whether it can be closed or not, this bug seems less about the UI than about capturing, so I've changed the component to Dumpcap.

[Wireshark-bugs] [Bug 3523] Inconsistent results of started_with_special_privs(), potential security hole
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=3523

--- Comment #4 from Christopher Maynard ---
(In reply to Guy Harris from comment #2)
> (I'm also not sure whether GTK+, when running as root, will load user
> theming plugins; Wireshark is a GTK+ application)

Not for much longer. The GTK+ UI is deprecated. Is this bug still relevant then with the Qt UI, or can it be closed?

[Wireshark-bugs] [Bug 3523] Inconsistent results of started_with_special_privs(), potential security hole
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=3523

--- Comment #1 from Guy Harris g...@alum.mit.edu 2009-06-10 03:06:22 PDT ---
The started_with_special_privs() was designed around set-UID, not around sudo.

We could *extend* it to check *both* for running set-UID and as root - note that merely checking whether the real or effective user or group ID is 0 is *not* sufficient, as it doesn't check whether the saved set-user ID or set-group ID is 0, and if, for example, the saved set-user ID is 0, a plugin could grab root privileges by changing the effective user ID to 0. (That's one of the reasons why issetugid() was created.)

Thus, to make the results consistent, the non-HAVE_ISSETUGID version would have to somehow check whether you have a saved set-user ID or saved set-group ID of 0; attempting to do seteuid(0) or setegid(0) might be sufficient for that, although that wouldn't help if there are platforms that have issetugid() but don't have seteuid() or setegid().

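The check described in comment #1, as an added example that is not part of the original thread and is not Wireshark's code: it contrasts a real/effective-only test with one that also inspects the saved IDs. It assumes a platform with getresuid()/getresgid() (Linux, FreeBSD, OpenBSD) and reads the saved IDs directly rather than probing with seteuid(0); all function and struct names are hypothetical.

```c
#include <stdbool.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Non-POSIX calls; declared here since glibc hides them without _GNU_SOURCE. */
int getresuid(uid_t *ruid, uid_t *euid, uid_t *suid);
int getresgid(gid_t *rgid, gid_t *egid, gid_t *sgid);

/* Real, effective and saved IDs of one kind (user or group). */
struct id_set { unsigned real, effective, saved; };

/* Insufficient check from the comment: looks only at real/effective ID 0. */
bool naive_is_privileged(struct id_set u, struct id_set g)
{
    return u.real == 0 || u.effective == 0 || g.real == 0 || g.effective == 0;
}

/* Special if the IDs differ (set-UID/set-GID) or any of them, saved too, is 0. */
static bool kind_is_special(struct id_set s)
{
    return s.real != s.effective || s.real != s.saved ||
           s.real == 0 || s.effective == 0 || s.saved == 0;
}

/* Extended check: set-UID/set-GID start OR started as root (e.g. via sudo). */
bool started_with_special_ids(struct id_set u, struct id_set g)
{
    return kind_is_special(u) || kind_is_special(g);
}

/* Apply the extended check to this process: 1 or 0, or -1 on error. */
int current_process_special(void)
{
    uid_t ru, eu, su;
    gid_t rg, eg, sg;
    if (getresuid(&ru, &eu, &su) != 0 || getresgid(&rg, &eg, &sg) != 0)
        return -1;
    struct id_set u = { ru, eu, su }, g = { rg, eg, sg };
    return started_with_special_ids(u, g) ? 1 : 0;
}

int main(void)
{
    /* Constructed case: privileges dropped to UID 1000, saved UID still 0. */
    struct id_set u = { 1000, 1000, 0 }, g = { 1000, 1000, 1000 };
    printf("naive=%d extended=%d self=%d\n", naive_is_privileged(u, g),
           started_with_special_ids(u, g), current_process_special());
}
```
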
[Wireshark-bugs] [Bug 3523] Inconsistent results of started_with_special_privs(), potential security hole
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=3523

Guy Harris g...@alum.mit.edu changed:

     What |Removed |Added
 ---------+--------+------
 Platform |x86     |All

--- Comment #2 from Guy Harris g...@alum.mit.edu 2009-06-10 13:17:46 PDT ---
BTW, Wireshark is a Really Big Program (as is TShark), and, even without user plugins, you might want to think twice about running it as root.

You might want to consider making dumpcap set-UID root instead. (I'm also not sure whether GTK+, when running as root, will load user theming plugins; Wireshark is a GTK+ application)

That would mean that anybody could do captures; perhaps dumpcap needs to have some way of specifying which users are allowed to use it.

[Wireshark-bugs] [Bug 3523] Inconsistent results of started_with_special_privs(), potential security hole
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=3523

Gerald Combs ger...@wireshark.org changed:

 What |Removed |Added
 -----+--------+---------------------
 CC   |        |ger...@wireshark.org

--- Comment #3 from Gerald Combs ger...@wireshark.org 2009-06-10 13:33:50 PDT ---
The Privileges section of doc/README.packaging suggests running dumpcap setuid root and optionally restricting it to a specific user or group. Should this be changed?

In regard to the original bug report that section also says in all caps:

WIRESHARK CONTAINS OVER ONE POINT FIVE MILLION LINES OF SOURCE CODE.
DO NOT RUN THEM AS ROOT.