Bug 1013234
Summary: | wireshark's USB capture does not work | ||||||
---|---|---|---|---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Mansour Behabadi <mansour> | ||||
Component: | wireshark | Assignee: | Peter Hatina <phatina> | ||||
Status: | CLOSED ERRATA | QA Contact: | Fedora Extras Quality Assurance <extras-qa> | ||||
Severity: | medium | Docs Contact: | |||||
Priority: | unspecified | ||||||
Version: | rawhide | CC: | huzaifas, lemenkov, phatina, rvokal, tsmetana | ||||
Target Milestone: | --- | ||||||
Target Release: | --- | ||||||
Hardware: | Unspecified | ||||||
OS: | Linux | ||||||
Whiteboard: | |||||||
Fixed In Version: | wireshark-1.10.3-8.fc21 | Doc Type: | Bug Fix | ||||
Doc Text: | Story Points: | --- | |||||
Clone Of: | Environment: | ||||||
Last Closed: | 2013-12-18 14:42:27 UTC | Type: | Bug | ||||
Regression: | --- | Mount Type: | --- | ||||
Documentation: | --- | CRM: | |||||
Verified Versions: | Category: | --- | |||||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
Cloudforms Team: | --- | Target Upstream Version: | |||||
Embargoed: | |||||||
Attachments: |
|
Description
Mansour Behabadi
2013-09-28 16:33:48 UTC
Created attachment 804458 [details]
patch to fix the bug (quick and dirty - not recommended)
The issue is that dumpcap cannot read the relevant dev files (ie it only has cap_net_raw and cap_net_admin capabilities - run `getcap /usr/sbin/dumpcap`).
The fix (patch attached) I have found is to allow dumpcap to have read capability (cap_dac_read_search). This does seem a little too permissive (ie dumpcap can read any file anywhere) and maybe a SELinux policy would be a better choice here to only give wireshark access to what it needs.
Running `strace dumpcap -D`, following devs are accessed by wireshark on my machine, all of which are denied access:
/sys/bus/usb/devices
/sys/kernel/debug/usb/usbmon/1t
/sys/kernel/debug/usb/usbmon/2t
/sys/kernel/debug/usb/usbmon/3t
/sys/kernel/debug/usb/usbmon/4t
/dev/usbmon1
/dev/usbmon2
/dev/usbmon3
/dev/usbmon4
Just saw an update (1.10.3) to wireshark for f19, with no news on this bug. Has this been looked into yet? (In reply to Mansour Behabadi from comment #2) > Just saw an update (1.10.3) to wireshark for f19, with no news on this bug. > Has this been looked into yet? Mansour, this should work now - please test it and report about the results. Tested 1.10.3-2 and issue is still present. (In reply to Mansour Behabadi from comment #4) > Tested 1.10.3-2 and issue is still present. Ah, sorry - that was fix for a different issue. This one is still unresolved. Mansour, please wait a bit more - it's better for maintainers to submit the current build (which fixes a bunch of CVEs) into stable. We'll try to deal with this bug right after that. The issue is fixed in wireshark-1.10.3-8.fc21. When the package is installed, system group "usbmon" will be added, if not present. Members of that group are able to read /dev/usbmon*. So, to make unprivileged user capture network/usb traffic, add such user to groups wireshark and usbmon. Works for me! |