drop-privs-after-opening-savefile patch is broken if -G (rotate_seconds) is used
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
tcpdump (Ubuntu) | New | Undecided | Unassigned | |
Bug Description
Ubuntu applies this patch to the upstream tcpdump: https:/
Vanilla tcpdump drops permissions (droproot) before it creates output files (pcap_dump_open).
Ubuntu's tcpdump drops permissions before it creates output files *only if the -C flag is set*, because with -C tcpdump has to create output files later on (after it has dropped privileges), and users want permission errors immediately, not only after the first rotation. In every other case, it creates the output file with full privs, and thus is able to write to locations where it might not be able to after the drop.
Unfortunately the -G (rotate_seconds) flag also causes tcpdump to create output files later on (once per rotation, obviously). If you use -G without -C, Ubuntu's tcpdump creates the first file with full privs, drops the privs, waits until it is time to rotate, and then crashes if the permissions are insufficient. This is very ugly to debug in scenarios where tcpdump is restarted automatically by e.g. systemd, because output files are being created and filled, but a few packets are missing at rotation.
The bug is probably quite old and well-known enough that medium articles about it exist (https:/
To fix this issue, you probably (I did not test it) only need to replace
```
if (Cflag && (username || chroot_dir))
```
with
```
if ((Cflag || Gflag) && (username || chroot_dir))
```
Release:
```
root@majorpurpo
Description: Ubuntu 22.04.4 LTS
Release: 22.04
```
Package version:
```
root@majorpurpo
tcpdump:
Installed: 4.99.1-3ubuntu0.2
Candidate: 4.99.1-3ubuntu0.2
Version table:
*** 4.99.1-3ubuntu0.2 500
500 http://
100 /var/lib/
4.99.1-3build2 500
500 http://
```
ProblemType: Bug
DistroRelease: Ubuntu 22.04
Package: tcpdump 4.99.1-3ubuntu0.2
ProcVersionSign
Uname: Linux 5.15.0-102-generic x86_64
ApportVersion: 2.20.11-0ubuntu82.5
Architecture: amd64
CasperMD5CheckR
CloudArchitecture: x86_64
CloudID: none
CloudName: none
CloudPlatform: none
CloudSubPlatform: config
Date: Mon Apr 8 13:09:22 2024
InstallationDate: Installed on 2022-07-08 (639 days ago)
InstallationMedia: Ubuntu-Server 22.04 LTS "Jammy Jellyfish" - Release amd64 (20220421)
ProcEnviron:
TERM=screen
PATH=(custom, no user)
LANG=en_US.UTF-8
SHELL=/bin/bash
SourcePackage: tcpdump
UpgradeStatus: No upgrade log present (probably fresh install)
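
A pre-flight check for the failure described in this report, added here as an example (not code from tcpdump or from the Ubuntu patch): before starting a `-G` capture, confirm that the account tcpdump drops to can create files in the output directory, so the problem shows up at start rather than at the first rotation. It looks only at the mode bits of the final directory (ACLs, search permission on parent directories and MAC policy are not considered); the function names and the username passed on the command line are assumptions.

```python
import os
import pwd
import stat
import sys


def can_create_in(directory, uid, gids):
    """Return True if uid/gids may create files in directory (mode bits only)."""
    st = os.stat(directory)
    if not stat.S_ISDIR(st.st_mode):
        return False
    if uid == 0:
        # root bypasses the mode bits: this is why the first file, opened
        # before the privilege drop, succeeds even in a root-only directory.
        return True
    # Classic UNIX rule: exactly one permission class applies, owner first.
    if uid == st.st_uid:
        shift = 6
    elif st.st_gid in gids:
        shift = 3
    else:
        shift = 0
    bits = (st.st_mode >> shift) & 0o7
    # Creating a file needs write (2) and search (1) on the directory.
    return (bits & 0o3) == 0o3


def preflight(directory, username):
    """Resolve username (assumed: the account tcpdump drops to) and check it."""
    pw = pwd.getpwnam(username)
    gids = os.getgrouplist(username, pw.pw_gid)
    return can_create_in(directory, pw.pw_uid, gids)


if __name__ == "__main__":
    # Usage: preflight.py <output-dir> <username>
    out_dir, user = sys.argv[1], sys.argv[2]
    ok = preflight(out_dir, user)
    print(f"{user} can create rotated files in {out_dir}: {ok}")
    sys.exit(0 if ok else 1)
```

Run as a start-up condition of the capture service, a non-zero exit stops the unit before any packets are captured instead of letting it fail at rotation time.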