Hi, trying to get rid of "sudo", I've set setuid for "root" user on dumpcap. (SLES 10.3) It's working fine with regard to capturing. However, the TMPDIR variable is ignored. Is this a security feature? Does somebody know, how to circumvent this? Best regards Philipp asked 23 Feb '11, 05:25  pvh edited 23 Feb '11, 05:26 |
One Answer:
This is, apparently, a glibc feature. See: https://bugzilla.redhat.com/show_bug.cgi?id=129682#c1 and/or: http://lists.gnu.org/archive/html/bug-glibc/2003-08/msg00076.html Oh, and I can't think of a way to avoid it. [Update] Don't forget to drop by and Accept this answer if it answered your question. answered 29 Feb '12, 07:43  JeffMorriss ♦ edited 09 Mar '12, 06:59 |
In fact, it's probably a feature of many UN\*Xes other than Linux distributions with glibc; environment variables are often ignored by programs and library routines when running set-UID, as they can be maliciously set in an attempt to trick the set-UID program into reading from or writing to files to which the user shouldn't be given access.
And, as such, there is no way to disable that feature. See, however, the Wireshark Wiki page on capture privileges for some information on how to give dumpcap sufficient privileges.