1 |
Hi! |
2 |
|
3 |
On Sat, Jan 28, 2012 at 03:50:22AM +0200, Alex Efros wrote: |
4 |
> #0 0xb749f152 in __readdir64 (dirp=0x0) at ../sysdeps/unix/readdir.c:45 |
5 |
> dp = <optimized out> |
6 |
> saved_errno = <optimized out> |
7 |
> #1 0xb759d7ea in scan_sys_class_net (devlistp=0xbfffe488, |
8 |
> errbuf=0xbfffe4dc "tun0: You don't have permission to capture on that device (socket: Operation not permitted)") at ./pcap-linux.c:1832 |
9 |
> sys_class_net_d = 0x0 |
10 |
|
11 |
Ok, I'm not a C developer (you see, I don't even know how to use gdb), but |
12 |
with so much information even I see what's the problem is: |
13 |
|
14 |
in libpcap-1.1.1-r1: |
15 |
pcap-linux.c:1816: |
16 |
|
17 |
sys_class_net_d = opendir("/sys/class/net"); |
18 |
if (sys_class_net_d == NULL && errno == ENOENT) |
19 |
return (0); |
20 |
... |
21 |
for (;;) { |
22 |
errno = 0; |
23 |
ent = readdir(sys_class_net_d); |
24 |
|
25 |
the second line with if looks just plain wrong. Moreover, as far as I see, |
26 |
in libpcap-1.2.1 they've already fixed this: |
27 |
pcap-linux.c:1949: |
28 |
|
29 |
sys_class_net_d = opendir("/sys/class/net"); |
30 |
if (sys_class_net_d == NULL) { |
31 |
if (errno == ENOENT) |
32 |
return (0); |
33 |
(void)snprintf(errbuf, PCAP_ERRBUF_SIZE, |
34 |
"Can't open /sys/class/net: %s", pcap_strerror(errno)); |
35 |
return (-1); |
36 |
} |
37 |
|
38 |
So, I'm going to upgrade libpcap to latest ~x86 version and see is this |
39 |
really fix this bug… Okay, here it is: |
40 |
|
41 |
$ dumpcap |
42 |
dumpcap: Can't get list of interfaces: Can't open /sys/class/net: Permission denied |
43 |
|
44 |
So, wireshark still doesn't work on hardened under non-root, but doesn't |
45 |
crash anymore, that's a big progress. |
46 |
|
47 |
-- |
48 |
WBR, Alex. |