Hi,

trying to get rid of "sudo", I've set setuid for "root" user on dumpcap. (SLES 10.3)

It's working fine with regard to capturing. However, the TMPDIR variable is ignored.

Is this a security feature? Does somebody know, how to circumvent this?

Best regards Philipp

asked 23 Feb '11, 05:25

pvh's gravatar image

pvh
1112
accept rate: 0%

edited 23 Feb '11, 05:26


This is, apparently, a glibc feature. See:

https://bugzilla.redhat.com/show_bug.cgi?id=129682#c1

and/or:

http://lists.gnu.org/archive/html/bug-glibc/2003-08/msg00076.html

Oh, and I can't think of a way to avoid it.

[Update] Don't forget to drop by and Accept this answer if it answered your question.

link

answered 29 Feb '12, 07:43

JeffMorriss's gravatar image

JeffMorriss ♦
3.3k448
accept rate: 26%

edited 09 Mar '12, 06:59

In fact, it's probably a feature of many UN\*Xes other than Linux distributions with glibc; environment variables are often ignored by programs and library routines when running set-UID, as they can be maliciously set in an attempt to trick the set-UID program into reading from or writing to files to which the user shouldn't be given access.

And, as such, there is no way to disable that feature. See, however, the Wireshark Wiki page on capture privileges for some information on how to give dumpcap sufficient privileges.

(29 Feb '12, 23:45) Guy Harris ♦♦
Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text](http://url.com/ "Title")
  • image?![alt text](/path/img.jpg "Title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Tags:

×50
×2
×1

Asked: 23 Feb '11, 05:25

Seen: 1,651 times

Last updated: 09 Mar '12, 06:59

powered by OSQA