-----Original Message-----
>From: Bob Young [mailto:RKY@×××××.net]
>Sent: Thursday, May 01, 2008 10:03 AM
>To: Gentoo-user List
>Subject: [gentoo-user] Wireshark won't run except as root

> I've emerged wireshark, and made myself a member of both the wireshark
> group, and the tcpdump group, but still wireshark refuses to capture
> packets if executed as a non root user. The error message is: "Couldn't
> run dumpcap as a child process: Permission denied."
>
> A little research indicated that dumpcap should be installed suid root and
> it appears that it is, but I still can't execute it as a non-root user:
>
> I'm sure it's probably something simple that I'm unaware of or not seeing
> for some reason. Can anybody point out what I'm doing wrong?
>
> Thanks,
> Bob Young
> San Jose, CA.

Well a little more experimentation proved that world has to have execute
permission:

[ 18:16:56 ] Thu May 01 /home/Cyor $ : su
Password:
[ 18:25:38 ] Thu May 01 /home/Cyor $ : cd /usr/bin/
[ 18:28:52 ] Thu May 01 /usr/bin $ : ls /usr/bin/dumpcap
52 -rwxr-x--- 1 root wireshark 50876 Apr 27 15:49 /usr/bin/dumpcap
[ 18:28:58 ] Thu May 01 /usr/bin $ : chmod u+s ./dumpcap
[ 18:29:26 ] Thu May 01 /usr/bin $ : ls /usr/bin/dumpcap
52 -rwsr-x--- 1 root wireshark 50876 Apr 27 15:49 /usr/bin/dumpcap
[ 18:29:30 ] Thu May 01 /usr/bin $ : exit
exit
[ 18:29:44 ] Thu May 01 /home/Cyor $ : whoami
Cyor
[ 18:30:11 ] Thu May 01 /home/Cyor $ : cd /usr/bin/
[ 18:30:21 ] Thu May 01 /usr/bin $ : ./dumpcap
bash: ./dumpcap: Permission denied
[ 18:30:24 ] Thu May 01 /usr/bin $ : su
Password:
[ 18:31:18 ] Thu May 01 /usr/bin $ : whoami
root
[ 18:32:03 ] Thu May 01 /usr/bin $ : ls /usr/bin/dumpcap
52 -rwsr-x--- 1 root wireshark 50876 Apr 27 15:49 /usr/bin/dumpcap
[ 18:32:14 ] Thu May 01 /usr/bin $ : chmod o+x ./dumpcap
[ 18:32:29 ] Thu May 01 /usr/bin $ : ls /usr/bin/dumpcap
52 -rwsr-x--x 1 root wireshark 50876 Apr 27 15:49 /usr/bin/dumpcap
[ 18:32:34 ] Thu May 01 /usr/bin $ : exit
exit
[ 18:32:41 ] Thu May 01 /usr/bin $ : whoami
Cyor
[ 18:32:49 ] Thu May 01 /usr/bin $ : ./dumpcap
File: /tmp/etherXXXX1wMVki
^CPackets dropped: 0

My question is: If the wireshark GROUP has execute permission to dumpcap,
and user Cyor is a member of the wireshark group, why can't Cyor execute
dumpcap without the execute bit for everyone being set?

Doesn't this mean that the entire world (member of wireshark group or
not) can execute an SUID root program?

If that's the case what's the purpose of having the wireshark group?

Note: Cyor is a member of wireshark group:

[ 18:32:55 ] Thu May 01 /usr/bin $ : cat /etc/group

root::0:root
.
.
.[snip]

wheel::10:root,BYoung,Cyor
wireshark:x:446:BYoung,Cyor
ntp:x:123:
tcpdump:x:447:Byoung,Cyor
+::::::

Thanks,
Bob Young
San Jose, CA

--
gentoo-user@l.g.o mailing list
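
The permission check the message is probing, as an added example that is not part of the original post: it selects the one class (owner, group or other) that applies to a process and flags a setuid file that is executable by "other". Gid 446 and the modes 4750/4751 come from the listing above; uid 1000, the group lists and all function names are constructed for illustration.

```shell
#!/bin/sh
# Added example. Does not model root/capability overrides or POSIX ACLs.

# perm_class FILE_UID FILE_GID MODE PROC_UID [PROC_GID...]
# Prints the class the kernel selects and whether its execute bit is set.
# Exactly one class applies: owner, else group, else other (no fall-through).
perm_class() {
    f_uid=$1; f_gid=$2; m=$((0$3)); p_uid=$4
    shift 4
    class=other; bit=$((m & 01))
    if [ "$p_uid" -eq "$f_uid" ]; then
        class=owner; bit=$((m & 0100))
    else
        for g in "$@"; do
            if [ "$g" -eq "$f_gid" ]; then
                class=group; bit=$((m & 010)); break
            fi
        done
    fi
    if [ "$bit" -ne 0 ]; then echo "$class allow"; else echo "$class deny"; fi
}

# setuid_world_exec MODE: true if setuid and executable by "other",
# i.e. any local account can run it with the owner's privileges.
setuid_world_exec() {
    m=$((0$1))
    [ $((m & 04000)) -ne 0 ] && [ $((m & 01)) -ne 0 ]
}

# check_file PATH: run both checks with this shell's own credentials.
# "id -G" reports the groups the running process holds; a session started
# before an /etc/group change does not pick up the new membership.
# Assumes GNU stat (-c).
check_file() {
    set -- "$1" $(stat -c '%u %g %a' "$1")
    echo "$1: $(perm_class "$2" "$3" "$4" "$(id -u)" $(id -G))"
    if setuid_world_exec "$4"; then echo "$1: setuid and world-executable"; fi
}

# Constructed inputs: owner uid 0, group 446, modes 4750 / 4751 as in the
# listing; uid 1000 and the group lists are made up for the demonstration.
perm_class 0 446 4750 1000 1000 10        # other deny
perm_class 0 446 4750 1000 1000 10 446    # group allow
perm_class 0 446 4751 1000 1000 10        # other allow
```

On a live system, `check_file /usr/bin/dumpcap` applies the same logic to the real file and the calling shell's groups.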