
Bug 457084

Summary: net-analyzer/wireshark-1.8.5-r1 - non-root user cannot see network interfaces?
Product: Gentoo Linux
Reporter: Kobboi <gentoo>
Component: Current packages
Assignee: Netmon Herd <netmon>
Status: RESOLVED FIXED    
Severity: normal    
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard:
Package list:
Runtime testing required: ---

Description Kobboi 2013-02-13 13:44:44 UTC
Before this revision, there used to be a message informing me of "fallback to suid". Has xattr support become a requirement?

>>> Messages generated by process 1655 on 2013-02-12 07:40:05 CET for package net-analyzer/wireshark-1.8.5-r1:

WARN: postinst
Could not set caps on '//usr/bin/dumpcap' due to missing filesystem support.
Make sure you enable XATTR support for 'reiserfs' in your kernel.
You might also have to enable the relevant FS_SECURITY option.
NOTE: To run wireshark as normal user you have to add yourself to
the wireshark group. This security measure ensures that only trusted
users are allowed to sniff your traffic.


Reproducible: Always
Comment 1 Kobboi 2013-02-13 14:45:16 UTC
I forgot to add that I am now unable to run Wireshark as non-root. There are no network interfaces visible in the interface selection lists.
Comment 2 Jeroen Roovers (RETIRED) gentoo-dev 2013-02-13 19:07:32 UTC
Did you add yourself to the wireshark group?
Comment 3 Kobboi 2013-02-13 23:13:56 UTC
Yes, I am. Note that I have been using the wireshark ebuilds on the system in question for years. And it just now fails. Meanwhile, at home, I am also running 1.8.5-r1, without any problems. Could you help me investigate what is going on at work? What kind of other feedback could be of help?
Comment 4 Jeroen Roovers (RETIRED) gentoo-dev 2013-02-14 04:27:10 UTC
(In reply to comment #1)
> I forgot to add that I am now unable to run Wireshark as non-root.

How is the above statement linked to the one below?

> There are no network interfaces visible in the interface selection lists.

Is it the case that you cannot see network interfaces but you can actually run wireshark as non-root?

If so, then what are your network interfaces called?
Comment 5 Kobboi 2013-02-14 13:08:57 UTC
I can run the wireshark GUI as non-root, but no interfaces are available for capture. Not the "regular" networking interfaces (ETHWAN, VDSL, LAB, wwan0, lo), nor the USB monitoring interfaces.
Comment 6 Kobboi 2013-02-14 13:19:22 UTC
I downgraded to 1.8.5, works perfectly, network interfaces are visible.

[binary     U  ] net-analyzer/wireshark-1.8.5-r1:0/1.8.5 [1.8.5:0/0] USE="filecaps%* gtk ipv6 pcap ssl zlib -adns -crypt -doc -doc-pdf -geoip -kerberos -libadns -lua -portaudio -profile -python (-selinux) -smi (-caps%*)" 0 kB

1.8.5:
-r-sr-x--- 1 root wireshark    80960 Jan 30 04:43 /usr/bin/dumpcap

1.8.5-r1:
-r-xr-x--- 1 root wireshark    80960 Feb 13 15:40 /usr/bin/dumpcap

Any particular reason there is no "setuid fallback" anymore?
Comment 7 Jeroen Roovers (RETIRED) gentoo-dev 2013-02-14 15:00:08 UTC
I missed some bits in trying to fix bug #454770, it seems.
Comment 8 Jeroen Roovers (RETIRED) gentoo-dev 2013-02-25 12:55:58 UTC
Could you try again with 1.8.5-r1 or 1.9.0, please?
Comment 9 Kobboi 2013-02-25 15:21:24 UTC
Same problem with wireshark-1.9.0.ebuild. What behavior would you expect? It is true that my file system does not support extended attributes. The old ebuild would fall back to using a setuid bit. You seem to have removed that code from the ebuild. Is there more to it?
Comment 10 Jeroen Roovers (RETIRED) gentoo-dev 2013-02-25 15:31:10 UTC
Ah yes, the fcaps function in the -r0 ebuild does something extra. Could you test this, then? If I'm correct, -m sets the fallback mode in case USE=-filecaps, which seems nice:



Index: wireshark-1.6.13-r1.ebuild
===================================================================
RCS file: /var/cvsroot/gentoo-x86/net-analyzer/wireshark/wireshark-1.6.13-r1.ebuild,v
retrieving revision 1.2
diff -u -B -r1.2 wireshark-1.6.13-r1.ebuild
--- wireshark-1.6.13-r1.ebuild  22 Feb 2013 17:19:09 -0000      1.2
+++ wireshark-1.6.13-r1.ebuild  25 Feb 2013 15:29:29 -0000
@@ -189,7 +189,7 @@
        enewgroup wireshark

        if use pcap; then
-               fcaps -o 0 -g wireshark -m 0750 -M 550 \
+               fcaps -o 0 -g wireshark -m 4750 -M 550 \
                        cap_dac_read_search,cap_net_raw,cap_net_admin \
                        "${EROOT}"/usr/bin/dumpcap
        fi
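Review bot: "-M 550" on the changed fcaps line does not match the "-M 0750" used in the 1.8.5-r1 and 1.9.0 ebuilds, so with this change the 1.6.13-r1 ebuild's two modes (4750 and 550) also disagree on the owner write bit. Unless the difference is intended, use one value and one spelling across all three ebuilds, for example "-M 0750" everywhere.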
Index: wireshark-1.8.5-r1.ebuild
===================================================================
RCS file: /var/cvsroot/gentoo-x86/net-analyzer/wireshark/wireshark-1.8.5-r1.ebuild,v
retrieving revision 1.2
diff -u -B -r1.2 wireshark-1.8.5-r1.ebuild
--- wireshark-1.8.5-r1.ebuild   22 Feb 2013 18:18:03 -0000      1.2
+++ wireshark-1.8.5-r1.ebuild   25 Feb 2013 15:29:29 -0000
@@ -197,7 +197,7 @@
        enewgroup wireshark

        if use pcap; then
-               fcaps -o 0 -g wireshark -m 0750 -M 0750 \
+               fcaps -o 0 -g wireshark -m 4750 -M 0750 \
                        cap_dac_read_search,cap_net_raw,cap_net_admin \
                        "${EROOT}"/usr/bin/dumpcap
        fi
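Review bot: the new "-m 4750" keeps the owner write bit on a setuid-root binary, while the 1.8.5 listing in comment 6 shows dumpcap installed as -r-sr-x--- (4550). Suggest "-m 4550" so the fallback matches what the earlier package installed, unless write permission for the owner is actually wanted.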
Index: wireshark-1.9.0.ebuild
===================================================================
RCS file: /var/cvsroot/gentoo-x86/net-analyzer/wireshark/wireshark-1.9.0.ebuild,v
retrieving revision 1.6
diff -u -B -r1.6 wireshark-1.9.0.ebuild
--- wireshark-1.9.0.ebuild      22 Feb 2013 18:28:26 -0000      1.6
+++ wireshark-1.9.0.ebuild      25 Feb 2013 15:29:29 -0000
@@ -197,7 +197,7 @@
        enewgroup wireshark

        if use pcap; then
-               fcaps -o 0 -g wireshark -m 0750 -M 0750 \
+               fcaps -o 0 -g wireshark -m 4750 -M 0750 \
                        cap_dac_read_search,cap_net_raw,cap_net_admin \
                        "${EROOT}"/usr/bin/dumpcap
        fi
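Review bot: nothing beside the fcaps call says that "-m 4750" is the mode applied when the capabilities cannot be set, so the setuid bit reads as unexplained next to the list of three capabilities. Add a one-line comment above the call stating that -m is the setuid fallback, and consider a postinst message when the fallback is taken; the reporter notes that the earlier ebuild printed a "fallback to suid" message.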
Comment 11 Kobboi 2013-02-25 16:22:59 UTC
-rwsr-x--- 1 root wireshark 93664 Feb 25 17:11 /usr/bin/dumpcap

Not sure why you would want it to be writeable though
Comment 12 Jeroen Roovers (RETIRED) gentoo-dev 2013-02-25 18:53:21 UTC
(In reply to comment #11)
> -rwsr-x--- 1 root wireshark 93664 Feb 25 17:11 /usr/bin/dumpcap

That looks alright. I assume it works as expected now?

> Not sure why you would want it to be writeable though

It's quite common. :)
Comment 13 Kobboi 2013-02-26 08:47:46 UTC
Fixed in tree
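
A way to tell which of the three states seen in this report a given dumpcap binary is in (file capabilities, setuid fallback, or neither), as an added example that is not part of the bug report or the ebuild. The function name priv_mechanism is made up for illustration, and GNU or busybox stat with the -c option is assumed.

```sh
#!/bin/sh
# Added example: classify how a capture helper such as dumpcap gets its
# privileges, from its mode bits and (if getcap is installed) its file caps.
#
# Mapping to the listings in the report:
#   -r-sr-x---  (4550)  -> setuid
#   -r-xr-x---  (0550)  -> none, unless file capabilities are set
#   -rwsr-x---  (4750)  -> setuid-writable

# priv_mechanism FILE
# Prints one of: caps, setuid, setuid-writable, none. Returns 2 on stat error.
priv_mechanism() {
    f=$1
    mode=$(stat -c %a "$f" 2>/dev/null) || return 2   # e.g. "4750" or "550"

    # File capabilities are stored in the security.capability xattr. getcap
    # prints nothing when none are set, which is also what happens on a
    # filesystem without xattr support, as in this report.
    if command -v getcap >/dev/null 2>&1 &&
       [ -n "$(getcap "$f" 2>/dev/null)" ]; then
        echo caps
        return 0
    fi

    bits=$((0$mode))                    # leading 0: parse the mode as octal
    if [ $((bits & 04000)) -eq 0 ]; then
        echo none                       # no caps, no setuid: non-root sees no interfaces
    elif [ $((bits & 0200)) -ne 0 ]; then
        echo setuid-writable            # setuid with the owner write bit set
    else
        echo setuid
    fi
}

# Report on any paths given on the command line, e.g. /usr/bin/dumpcap.
if [ $# -gt 0 ]; then
    for path in "$@"; do
        printf '%s: %s\n' "$path" "$(priv_mechanism "$path" || echo unreadable)"
    done
fi
```
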