2024-02-06 07:33:29 |
Koen Dierckx |
bug |
|
|
added bug |
2024-02-08 13:40:37 |
Georgia Garcia |
attachment added |
|
tcpdump_4.9.3-4ubuntu0.3.debdiff https://bugs.launchpad.net/ubuntu/+source/tcpdump/+bug/2052493/+attachment/5745198/+files/tcpdump_4.9.3-4ubuntu0.3.debdiff |
|
2024-02-08 13:41:03 |
Georgia Garcia |
attachment added |
|
tcpdump_4.99.1-3ubuntu0.2.debdiff https://bugs.launchpad.net/ubuntu/+source/tcpdump/+bug/2052493/+attachment/5745199/+files/tcpdump_4.99.1-3ubuntu0.2.debdiff |
|
2024-02-08 14:53:17 |
Georgia Garcia |
description |
Reproduction steps:
mkdir /test
chmod 777 /test
tcpdump -Z root -ni any -s 0 -w /test/pcap.pcap -C 500 -W 500 host 1.1.1.1
Result:
tcpdump: /test/pcap.pcap000: Permission denied
Expected result:
tcpdump: listening on any, link-type LINUX_SLL (Linux cooked v1), capture size 262144 bytes
The cause is the apparmor profile: /etc/apparmor.d/usr.sbin.tcpdump
# for -r, -F and -w
/**.[pP][cC][aA][pP] rw,
It should allow for trailing numbers added to the filename.
This is required when using the -C/-W options, as those will cause rotating filenames
# for -r, -F, -w, -C and -W
/**.[pP][cC][aA][pP]* rw,
After changing the profile, and reloading via 'service apparmor reload'
The tcpdump will work as expected |
[ Impact ]
AppArmor was denying the creation of .pcap files ending in digits which is required by the -W parameter of tcpdump. This issue had already been fixed upstream https://salsa.debian.org/rfrancoise/tcpdump/-/commit/7dcc3736cd19f2ae7ee45b7835646ab50437980a and currently only affects focal and jammy.
I also added the permission for reading and writing of .cap and .pcapng files which were already allowed upstream as well.
[ Test Plan ]
mkdir /test
chmod 777 /test
tcpdump -Z root -ni any -s 0 -w /test/pcap.pcap -C 500 -W 500 host 1.1.1.1
Result:
tcpdump: /test/pcap.pcap000: Permission denied
Expected result:
tcpdump: listening on any, link-type LINUX_SLL (Linux cooked v1), capture size 262144 bytes
The cause is the apparmor profile: /etc/apparmor.d/usr.sbin.tcpdump
# for -r, -F and -w
/**.[pP][cC][aA][pP] rw,
[ Where problems could occur ]
The risk of allowing read and write to .pcap+digits is very minor considering that reading and writing to .pcap is already allowed by policy. Additionally, these rules are a requirement for the application to work properly.
[ Other Info ]
Upstream commits:
https://salsa.debian.org/rfrancoise/tcpdump/-/commit/8763a4461751b2bf746d5f0ce7be253c44b6ac7f
https://salsa.debian.org/rfrancoise/tcpdump/-/commit/7dcc3736cd19f2ae7ee45b7835646ab50437980a
https://salsa.debian.org/rfrancoise/tcpdump/-/commit/c58462999b5e66a4564ec81062b049c45933bc8b |
|
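Added example, not part of the bug report or of the tcpdump packaging: a simplified Python model of AppArmor path-glob matching that shows why `/test/pcap.pcap000` is denied by the old rule and which paths the widened rule admits. It assumes only literals, `*`, `**` and `[...]` need handling (enough for the two rules quoted above); every sample path other than `/test/pcap.pcap000` is constructed.

```python
import re

def aa_glob_to_regex(glob):
    """Translate a subset of AppArmor path globs to a compiled regex.
    Simplified model (assumption): handles literals, *, ** and [...] only."""
    out, i = [], 0
    while i < len(glob):
        if glob.startswith("**", i):
            out.append(".*")              # ** may cross '/' boundaries
            i += 2
        elif glob[i] == "*":
            out.append("[^/]*")           # * stays inside one path component
            i += 1
        elif glob[i] == "[":
            end = glob.index("]", i)
            out.append(glob[i:end + 1])   # character class passes through
            i = end + 1
        else:
            out.append(re.escape(glob[i]))
            i += 1
    return re.compile("".join(out), re.DOTALL)

def allowed(rule_glob, path):
    """True if the whole path is covered by the rule's glob."""
    return aa_glob_to_regex(rule_glob).fullmatch(path) is not None

OLD_RULE = "/**.[pP][cC][aA][pP]"    # rule in the shipped profile
NEW_RULE = "/**.[pP][cC][aA][pP]*"   # rule proposed in the report

SAMPLE_PATHS = [
    "/test/pcap.pcap",          # plain -w target
    "/test/pcap.pcap000",       # first rotated file from the report (-C/-W)
    "/test/PCAP.PCAP499",       # constructed: upper case, last rotation slot
    "/test/trace.pcapng",       # constructed: also covered by the trailing *
    "/test/pcap.pcap-old.sh",   # constructed: suffix is not limited to digits
    "/test/pcap.pcap.d/dump",   # constructed: * does not cross '/'
    "/etc/passwd",              # constructed: unrelated file
]

def compare(paths):
    """Map each path to (allowed by old rule, allowed by new rule)."""
    return {p: (allowed(OLD_RULE, p), allowed(NEW_RULE, p)) for p in paths}

if __name__ == "__main__":
    for path, (old, new) in compare(SAMPLE_PATHS).items():
        print(f"{path:28} old={'allow' if old else 'DENY':5} "
              f"new={'allow' if new else 'DENY'}")
```

The trailing `*` accepts any suffix within the same path component, not only rotation digits, which is the extra surface a reviewer weighs against the "very minor" risk stated in the SRU template.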
2024-02-08 14:54:16 |
Georgia Garcia |
bug |
|
|
added subscriber Ubuntu Sponsors |
2024-02-08 14:55:02 |
Georgia Garcia |
description |
[ Impact ]
AppArmor was denying the creation of .pcap files ending in digits which is required by the -W parameter of tcpdump. This issue had already been fixed upstream https://salsa.debian.org/rfrancoise/tcpdump/-/commit/7dcc3736cd19f2ae7ee45b7835646ab50437980a and currently only affects focal and jammy.
I also added the permission for reading and writing of .cap and .pcapng files which were already allowed upstream as well.
[ Test Plan ]
mkdir /test
chmod 777 /test
tcpdump -Z root -ni any -s 0 -w /test/pcap.pcap -C 500 -W 500 host 1.1.1.1
Result:
tcpdump: /test/pcap.pcap000: Permission denied
Expected result:
tcpdump: listening on any, link-type LINUX_SLL (Linux cooked v1), capture size 262144 bytes
The cause is the apparmor profile: /etc/apparmor.d/usr.sbin.tcpdump
# for -r, -F and -w
/**.[pP][cC][aA][pP] rw,
[ Where problems could occur ]
The risk of allowing read and write to .pcap+digits is very minor considering that reading and writing to .pcap is already allowed by policy. Additionally, these rules are a requirement for the application to work properly.
[ Other Info ]
Upstream commits:
https://salsa.debian.org/rfrancoise/tcpdump/-/commit/8763a4461751b2bf746d5f0ce7be253c44b6ac7f
https://salsa.debian.org/rfrancoise/tcpdump/-/commit/7dcc3736cd19f2ae7ee45b7835646ab50437980a
https://salsa.debian.org/rfrancoise/tcpdump/-/commit/c58462999b5e66a4564ec81062b049c45933bc8b |
[ Impact ]
AppArmor was denying the creation of .pcap files ending in digits which is required by the -W parameter of tcpdump. This issue had already been fixed upstream https://salsa.debian.org/rfrancoise/tcpdump/-/commit/7dcc3736cd19f2ae7ee45b7835646ab50437980a and currently only affects focal and jammy.
I also added the permission for reading and writing of .cap and .pcapng files which were already allowed upstream as well.
The debdiffs for both focal and jammy are in the comments
[ Test Plan ]
mkdir /test
chmod 777 /test
tcpdump -Z root -ni any -s 0 -w /test/pcap.pcap -C 500 -W 500 host 1.1.1.1
Result:
tcpdump: /test/pcap.pcap000: Permission denied
Expected result:
tcpdump: listening on any, link-type LINUX_SLL (Linux cooked v1), capture size 262144 bytes
The cause is the apparmor profile: /etc/apparmor.d/usr.sbin.tcpdump
# for -r, -F and -w
/**.[pP][cC][aA][pP] rw,
[ Where problems could occur ]
The risk of allowing read and write to .pcap+digits is very minor considering that reading and writing to .pcap is already allowed by policy. Additionally, these rules are a requirement for the application to work properly.
[ Other Info ]
Upstream commits:
https://salsa.debian.org/rfrancoise/tcpdump/-/commit/8763a4461751b2bf746d5f0ce7be253c44b6ac7f
https://salsa.debian.org/rfrancoise/tcpdump/-/commit/7dcc3736cd19f2ae7ee45b7835646ab50437980a
https://salsa.debian.org/rfrancoise/tcpdump/-/commit/c58462999b5e66a4564ec81062b049c45933bc8b |
|
2024-02-08 20:28:08 |
Sergio Durigan Junior |
nominated for series |
|
Ubuntu Jammy |
|
2024-02-08 20:28:08 |
Sergio Durigan Junior |
bug task added |
|
tcpdump (Ubuntu Jammy) |
|
2024-02-08 20:28:08 |
Sergio Durigan Junior |
nominated for series |
|
Ubuntu Focal |
|
2024-02-08 20:28:08 |
Sergio Durigan Junior |
bug task added |
|
tcpdump (Ubuntu Focal) |
|
2024-02-08 20:28:13 |
Sergio Durigan Junior |
tcpdump (Ubuntu Focal): status |
New |
In Progress |
|
2024-02-08 20:28:15 |
Sergio Durigan Junior |
tcpdump (Ubuntu Jammy): status |
New |
In Progress |
|
2024-02-08 20:28:20 |
Sergio Durigan Junior |
removed subscriber Ubuntu Sponsors |
|
|
|
2024-02-08 20:31:57 |
Sergio Durigan Junior |
tcpdump (Ubuntu): status |
New |
Fix Released |
|
2024-02-08 21:42:55 |
Ubuntu Archive Robot |
bug |
|
|
added subscriber Sergio Durigan Junior |
2024-02-09 09:42:52 |
Timo Aaltonen |
tcpdump (Ubuntu Jammy): status |
In Progress |
Fix Committed |
|
2024-02-09 09:42:52 |
Timo Aaltonen |
bug |
|
|
added subscriber Ubuntu Stable Release Updates Team |
2024-02-09 09:42:57 |
Timo Aaltonen |
bug |
|
|
added subscriber SRU Verification |
2024-02-09 09:43:00 |
Timo Aaltonen |
tags |
|
verification-needed verification-needed-jammy |
|
2024-02-09 09:43:41 |
Timo Aaltonen |
tcpdump (Ubuntu Focal): status |
In Progress |
Fix Committed |
|
2024-02-09 09:43:44 |
Timo Aaltonen |
tags |
verification-needed verification-needed-jammy |
verification-needed verification-needed-focal verification-needed-jammy |
|
2024-02-12 09:32:34 |
Koen Dierckx |
tags |
verification-needed verification-needed-focal verification-needed-jammy |
verification-done-focal verification-done-jammy |
|
2024-02-12 09:34:19 |
Koen Dierckx |
tags |
verification-done-focal verification-done-jammy |
verification-done verification-done-focal verification-done-jammy |
|
2024-02-22 21:45:50 |
Launchpad Janitor |
tcpdump (Ubuntu Jammy): status |
Fix Committed |
Fix Released |
|
2024-02-22 21:45:54 |
Andreas Hasenack |
removed subscriber Ubuntu Stable Release Updates Team |
|
|
|
2024-02-22 21:46:34 |
Launchpad Janitor |
tcpdump (Ubuntu Focal): status |
Fix Committed |
Fix Released |
|