Wireshark-dev: Re: [Wireshark-dev] tshark: drop features "dump to stdout" and "read filter"

From: Richard van der Hoff <richardv@xxxxxxxxxxxxx>
Date: Tue, 09 Oct 2007 12:09:38 +0100
Hi all,

First: massive thanks to Ulf for all the work he's been doing on privilege separation. It's definitely a really important feature that's been missing forever.

Ulf Lamping wrote:
> Just as Wireshark has been doing it already for some time, tshark now also uses dumpcap to capture stuff (to separate the "potentially dangerous" dissection from the "root required" capturing). tshark calls dumpcap with a set of command line options (capture interface, capture file name, ...) and establishes a pipe to dumpcap. Now dumpcap captures packets into a temporary file, a named file or some ringbuffer files and notifies tshark of events through a pipe, e.g. a new file was opened, some packets rushed in, ...

Ok, first question: when being used by {wire,t}shark, is a temporary file really the best way for dumpcap to write its captured data? The unix way to do this would be to write it down a separate pipe (so wireshark/tshark would run dumpcap with a magic option saying "write your captured data to fd X"); however I don't know enough about windows to know how portable that would be. A temporary file works fine anyway, I guess.

> Now the two problems in the buildbot test are:

> a) dumping to stdout (using -w -)
> Dumping to stdout will mix up with the pipe (standard-)output, so this cannot work as before. BTW: Wireshark cannot capture to stdout for the same reason (or am I misinformed here?).

I don't understand this at all. If I want to use tshark to capture and write to stdout, why shouldn't I? Surely that doesn't interfere with the pipe between tshark and dumpcap?

> Solution: to dump to stdout, use dumpcap - it's built for that purpose.

Well, ish - though as you notice below, it doesn't support read filters (nor should it). If I want to perform a capture, with read filtering, to stdout, then tshark should be able to do this for me.

> Document that dumping to stdout doesn't work with tshark / Wireshark and prevent the "-w -" command line option.

This would be a shame.

> b) read filter
> dumpcap doesn't know anything about display filter syntax -
> ...

> Solution: Drop read filters completely, they don't really fit into the concept of privilege separation. Document the change and prevent the corresponding command line option(s).

Yes they do: tshark does the read-filtering as the ordinary user, and dumpcap does the capturing as root.

> Please note: I'm not arguing against the usefulness of both options, but they don't fit into the idea of privilege separation and the current implementation of it. So I don't see a good way to "re-"implement them ...

Perhaps I'm missing something important here - but I don't understand what the problem is.

Regards,

Richard
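The arrangement Ulf describes (a privileged capturer, events to the unprivileged tool over a pipe) combined with the two points Richard makes: captured data arriving down a second pipe instead of a temporary file, and the read filter applied in the unprivileged process while stdout stays free. This is an added example, not code from Wireshark, tshark or dumpcap; the capturer child, its length-prefixed records and newline-separated events are constructed stand-ins, and it assumes a POSIX system (pass_fds).

```python
import os, struct, subprocess, sys

# Constructed stand-in for the privileged capturer (dumpcap's role). It inherits
# two descriptors: one for captured records (length-prefixed) and one for events
# (one line each). This wire format is an assumption, not dumpcap's real protocol.
CAPTURER_SRC = r"""
import os, struct, sys
data_fd, ctrl_fd = int(sys.argv[1]), int(sys.argv[2])
os.write(ctrl_fd, b"file-opened\n")
for pkt in (b"tcp payload", b"udp payload", b"tcp again"):  # constructed packets
    os.write(data_fd, struct.pack("!I", len(pkt)) + pkt)
    os.write(ctrl_fd, b"packets:1\n")
os.write(ctrl_fd, b"done\n")
"""

def read_exact(fd, n):  # exactly n bytes; pipes may return short reads
    buf = b""
    while len(buf) < n:
        chunk = os.read(fd, n - len(buf))
        if not chunk:
            raise EOFError("capturer closed the data pipe early")
        buf += chunk
    return buf

def run_capture(read_filter):
    """Spawn the capturer; filter here, unprivileged. Returns (events, kept)."""
    data_r, data_w = os.pipe()  # captured data: neither a temp file nor stdout
    ctrl_r, ctrl_w = os.pipe()  # event channel
    child = subprocess.Popen(
        [sys.executable, "-c", CAPTURER_SRC, str(data_w), str(ctrl_w)],
        pass_fds=(data_w, ctrl_w))  # POSIX only (assumption)
    os.close(data_w)
    os.close(ctrl_w)
    events, kept = [], []
    with os.fdopen(ctrl_r, "rb") as ctrl:
        for line in ctrl:
            event = line.decode().strip()
            events.append(event)
            if event.startswith("packets:"):  # pull exactly that many records
                for _ in range(int(event.split(":", 1)[1])):
                    (length,) = struct.unpack("!I", read_exact(data_r, 4))
                    pkt = read_exact(data_r, length)
                    if read_filter(pkt):
                        kept.append(pkt)
            elif event == "done":
                break
    os.close(data_r)
    child.wait()
    return events, kept  # stdout was never touched, so "-w -" output is free
```

Because neither pipe is stdout, the unprivileged side can write the filtered records to stdout without colliding with the control channel, which is the point Richard raises against dropping "-w -".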