Wireshark mailing list archives

Re: CapturePrivileges not working


From: Roland Knall <rknall () gmail com>
Date: Mon, 13 Oct 2014 11:07:43 +0200

Hi

No, it's a cmake out-of-tree build. There simply does not seem to be a way
to set dumpcap correctly. Fun part is that even if dumpcap is set suid, it
still does not bring any output when run by my user with "dumpcap -D". Only
"sudo dumpcap -D" lists any interfaces. With ldd the only library used is
wsutil (which should not be an issue), and there are no residual .lib/lt-*
files lying around. But I have also built it now with autotools (just to
ensure that it is not a cmake-related issue), and still it does not work:

$ getcap dumpcap .libs/lt-dumpcap
dumpcap = cap_net_admin,cap_net_raw+eip
.libs/lt-dumpcap = cap_net_admin,cap_net_raw+eip
$ ls -l dumpcap .libs/lt-dumpcap
-rwxr-xr-x 1 knallr knallr   9120 Okt 13 11:02 dumpcap
-rwxr-xr-x 1 knallr knallr 279816 Okt 13 11:03 .libs/lt-dumpcap
$ ./dumpcap -D
dumpcap: There are no interfaces on which a capture can be done


Wireshark is the latest git btw.


So I am back at assuming it has something to do with my system. Uname
output is:

Linux ategge1877 3.13.0-24-generic #47-Ubuntu SMP Fri May 2 23:30:00 UTC
2014 x86_64 x86_64 x86_64 GNU/Linux

And it is the libpcap0.8 package directly out of the repository. As I am
working with extcap filters atm, it does not bother me that much, but I
sure want to know why it is not working.

regards
Roland


On Mon, Oct 13, 2014 at 10:07 AM, Jeff Morriss <jeff.morriss.ws () gmail com>
wrote:

What build system are you using?

If autofoo then remember dumpcap is actually a libtool shell script
and Linux doesn't support setuid (and I'd guess also setcap) shell scripts.
You'd need to put the permissions on .libs/lt-dumpcap or whatever it is.


On Monday, October 13, 2014, Roland Knall <rknall () gmail com> wrote:

Hi

This might be a question for -users, but it seems that the explanation on
http://wiki.wireshark.org/CaptureSetup/CapturePrivileges does not seem
to work anymore in Linux (running Mint 17, based on Ubuntu 14.04 LTS).

I have set the dumpcap utility as defined on the wiki page, not using a
group, and it does not work anymore, but has worked before.

Does anyone have an idea what might have changed? The capabilities are
indeed set. chmod 4750 does not work either. The only thing that seems to
work is starting Wireshark as root.

It works if I use wireshark from the original packages, but not if I run
it from the build-directory.

regards,
Roland


___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
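
The libtool-wrapper point raised in the thread can be checked mechanically. The following is an added example, not part of the original thread or of Wireshark's build system: it classifies a file by its leading bytes and reports which file in a build directory is the real ELF binary that setuid or file capabilities would have to be placed on. The function names, the constructed sample tree and the .libs/NAME candidate path are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: find the file that must carry setuid/file capabilities.
# The kernel honours these bits on ELF binaries, not on "#!" scripts.

# exec_kind FILE -> prints "elf", "script" or "other"
exec_kind() {
    # First four bytes as hex: 7f454c46 is the ELF magic, 2321 is "#!"
    magic=$(od -An -tx1 -N4 "$1" 2>/dev/null | tr -d ' \n')
    case "$magic" in
        7f454c46) echo elf ;;
        2321*)    echo script ;;
        *)        echo other ;;
    esac
}

# cap_target DIR NAME -> prints the first ELF candidate for NAME in DIR,
# returns 1 if none exists. .libs/lt-NAME is the path named in the thread;
# .libs/NAME is an assumed additional candidate.
cap_target() {
    dir=$1
    name=$2
    for cand in "$dir/$name" "$dir/.libs/lt-$name" "$dir/.libs/$name"; do
        [ -f "$cand" ] || continue
        if [ "$(exec_kind "$cand")" = elf ]; then
            echo "$cand"
            return 0
        fi
    done
    return 1
}

# make_sample_tree -> builds a constructed (fake) autotools-style layout:
# a shell wrapper named dumpcap and a stub with ELF magic in .libs/.
make_sample_tree() {
    t=$(mktemp -d) || return 1
    mkdir "$t/.libs"
    printf '#!/bin/sh\nexec "$(dirname "$0")/.libs/lt-dumpcap" "$@"\n' > "$t/dumpcap"
    printf '\177ELF\002\001\001\000' > "$t/.libs/lt-dumpcap"
    chmod +x "$t/dumpcap" "$t/.libs/lt-dumpcap"
    echo "$t"
}
```

Against a real build directory, cap_target . dumpcap prints the path to pass to setcap or chmod, and getcap on that path confirms what is actually set.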
