FS#79790 - [arp-scan] Cannot open MAC/Vendor file: Permission denied
Attached to Project:
Arch Linux
Opened by Alexandr Oleynikov (citrusalex) - Tuesday, 26 September 2023, 23:43 GMT
Last edited by Massimiliano Torromeo (mtorromeo) - Thursday, 28 September 2023, 21:49 GMT
Opened by Alexandr Oleynikov (citrusalex) - Tuesday, 26 September 2023, 23:43 GMT
Last edited by Massimiliano Torromeo (mtorromeo) - Thursday, 28 September 2023, 21:49 GMT
|
Details
Description:
`arp-scan` will not print detailed information on scanned entries (like vendor info), complain about wrong permissions (?) for the mac and oui files unless you specify the location of `ouifile` and `macfile` manually. The 1.9.8 version of the package did not have this issue, this first occurred in 1.10.0-1. I haven't reported this issue upstream seeing how this could be a package issue, let me know if I should file a bug report on the app's Github instead. Additional info: * package version: 1.10.0-2 Steps to reproduce: If you run `arp-scan`, for example: `sudo arp-scan --interface=MYNETWORKINTERFACEHERE --localnet` the app will print the following errors: ``` WARNING: Cannot open MAC/Vendor file ieee-oui.txt: Permission denied WARNING: Cannot open MAC/Vendor file mac-vendor.txt: Permission denied ``` and no information for scanned entries will be available, they will all show up as (Unknown). But if you manually specify the location of the mac and oui files (files packaged with the app, default locations), like this: `sudo arp-scan --interface=MYNETWORKINTERFACEHERE --localnet --ouifile=/usr/share/arp-scan/ieee-oui.txt --macfile=/etc/arp-scan/mac-vendor.txt` the app will print info on the scanned entries normally. |
This task depends upon
Closed by Massimiliano Torromeo (mtorromeo)
Thursday, 28 September 2023, 21:49 GMT
Reason for closing: Fixed
Additional comments about closing: arp-scan-1.10.0-3
Thursday, 28 September 2023, 21:49 GMT
Reason for closing: Fixed
Additional comments about closing: arp-scan-1.10.0-3
Edit: Does strace reveal anything suspicious?
In the thread it says that it doesn't happen if you run it from /tmp or /root, which I was also able to reproduce (works correctly those directories are the working dirs).
Note that I'm running it with sudo, which according to docs is required and the app wouldn't run in the past versions otherwise.
I've also tried to remove and reinstall the package, but it's the same issue.
Looking at strace output, this is what it does when it's running from /tmp:
```
newfstatat(AT_FDCWD, "ieee-oui.txt", 0x7ffe2fe8f260, 0) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/usr/share/arp-scan/ieee-oui.txt", O_RDONLY) = 3
newfstatat(3, "", {st_mode=S_IFREG|0644, st_size=1453113, ...}, AT_EMPTY_PATH) = 0
read(3, "# ieee-oui.txt -- IEEE Ethernet "..., 4096) = 4096
```
And this is from HOME
```
newfstatat(AT_FDCWD, "ieee-oui.txt", 0x7ffc8f78cee0, 0) = -1 EACCES (Permission denied)
openat(AT_FDCWD, "ieee-oui.txt", O_RDONLY) = -1 EACCES (Permission denied)
write(2, "WARNING: Cannot open MAC/Vendor "..., 69WARNING: Cannot open MAC/Vendor file ieee-oui.txt: Permission denied
) = 69
```
My wild guess is, for whatever reason, when it's running from $HOME, it for some reason thinks the defaults are there and tries to open them, but since it's running in sudo and $HOME has 700 permissions, it's denied access?
[1] https://github.com/royhills/arp-scan/commit/edb43e2557aa1f459641060dafb77ccaf9082f2a