63bc18bb95
Fix for CVE-2021-39920, CVE-2021-39921, CVE-2021-39922, CVE-2021-39923, CVE-2021-39924, CVE-2021-39925, CVE-2021-39926, CVE-2021-39928, CVE-2021-39929
58 lines
2.7 KiB
Diff
58 lines
2.7 KiB
Diff
From: Jan Safranek <jsafrane@redhat.com>
|
|
Date: Fri, 26 Nov 2010 14:30:45 +0300
|
|
Subject: [PATCH] Customize 'permission denied' error.
|
|
|
|
Add Fedora-specific message to error output when dumpcap cannot be started
|
|
because of permissions.
|
|
|
|
Signed-off-by: Jan Safranek <jsafrane@redhat.com>
|
|
|
|
diff --git a/capture/capture_sync.c b/capture/capture_sync.c
|
|
index 2f9d2cc..b18e47f 100644
|
|
--- a/capture/capture_sync.c
|
|
+++ b/capture/capture_sync.c
|
|
@@ -375,6 +375,7 @@ sync_pipe_start(capture_options *capture_opts, capture_session *cap_session, voi
|
|
gchar *signal_pipe_name;
|
|
#else
|
|
char errmsg[1024+1];
|
|
+ const char *securitymsg = "";
|
|
int sync_pipe[2]; /* pipe used to send messages from child to parent */
|
|
enum PIPES { PIPE_READ, PIPE_WRITE }; /* Constants 0 and 1 for PIPE_READ and PIPE_WRITE */
|
|
#endif
|
|
@@ -728,8 +729,11 @@ sync_pipe_start(capture_options *capture_opts, capture_session *cap_session, voi
|
|
dup2(sync_pipe[PIPE_WRITE], 2);
|
|
ws_close(sync_pipe[PIPE_READ]);
|
|
execv(argv[0], argv);
|
|
- g_snprintf(errmsg, sizeof errmsg, "Couldn't run %s in child process: %s",
|
|
- argv[0], g_strerror(errno));
|
|
+ if (errno == EPERM || errno == EACCES)
|
|
+ securitymsg = "\nAre you a member of the 'wireshark' group? Try running\n'usermod -a -G wireshark _your_username_' as root.";
|
|
+ g_snprintf(errmsg, sizeof errmsg, "Couldn't run %s in child process: %s%s",
|
|
+ argv[0], g_strerror(errno), securitymsg);
|
|
+
|
|
sync_pipe_errmsg_to_parent(2, errmsg, "");
|
|
|
|
/* Exit with "_exit()", so that we don't close the connection
|
|
@@ -826,6 +830,7 @@ sync_pipe_open_command(char** argv, int *data_read_fd,
|
|
int i;
|
|
#else
|
|
char errmsg[1024+1];
|
|
+ const char *securitymsg = "";
|
|
int sync_pipe[2]; /* pipe used to send messages from child to parent */
|
|
int data_pipe[2]; /* pipe used to send data from child to parent */
|
|
#endif
|
|
@@ -1003,8 +1008,11 @@ sync_pipe_open_command(char** argv, int *data_read_fd,
|
|
ws_close(sync_pipe[PIPE_READ]);
|
|
ws_close(sync_pipe[PIPE_WRITE]);
|
|
execv(argv[0], argv);
|
|
- g_snprintf(errmsg, sizeof errmsg, "Couldn't run %s in child process: %s",
|
|
- argv[0], g_strerror(errno));
|
|
+ execv(argv[0], (gpointer)argv);
|
|
+ if (errno == EPERM || errno == EACCES)
|
|
+ securitymsg = "\nAre you a member of the 'wireshark' group? Try running\n'usermod -a -G wireshark _your_username_' as root.";
|
|
+ g_snprintf(errmsg, sizeof errmsg, "Couldn't run %s in child process: %s%s",
|
|
+ argv[0], g_strerror(errno), securitymsg);
|
|
sync_pipe_errmsg_to_parent(2, errmsg, "");
|
|
|
|
/* Exit with "_exit()", so that we don't close the connection
|