** Description changed: [ Impact ] There is currently a bug in tcpdump causing it to segfault on Noble machines and newer. - The bug has been fixed in debian upstream here: - https://salsa.debian.org/debian/tcpdump/-/blob/master/debian/patches/drop- - privs-after-opening-savefile.diff - - There is also a discussion about it on the debian bug tracker: - https://bugs.debian.org/935112 + This is because of a bad interaction with d/p/drop-privs-only-if-non-root.diff + where using -Z root sets username to NULL, causing a null pointer dereference and subsequent segmentation fault. [ Test Plan ] Make sure you are on a noble machine or newer and that tcpdump is installed. $ sudo apt install tcpdump To reproduce the issue simply run the following command: $ sudo tcpdump -Z root -ni lo -w /tmp/lo.pcap Note that running it with sudo or being in a root shell is a requirement to trigger the crash. You will see the following when reproducing the crash: ``` ghadi@XPS-17-9720 ~ » sudo tcpdump -Z root -ni lo -w /tmp/lo.pcap [1] 1250151 segmentation fault sudo tcpdump -Z root -ni lo -w /tmp/lo.pcap ``` [ Where problems could occur ] Since the patch makes sure that the username is valid before changing ownership, a possible regression might be that tcpdump fails to run due to permission issues, or that it still segfaults due to other checks that might be required. 
- [ Original Description ] - Reproduce: + [ Other info ] - As root (sudo sh) do: + The bug has been fixed in debian upstream here: + https://salsa.debian.org/debian/tcpdump/-/blob/master/debian/patches/drop- + privs-after-opening-savefile.diff - # tcpdump -Z root -ni lo -w /tmp/lo.pcap - Segmentation fault (core dumped) + There is also a discussion about it on the debian bug tracker: + https://bugs.debian.org/935112 - ProblemType: Bug - DistroRelease: Ubuntu 24.04 - Package: tcpdump 4.99.4-3ubuntu4 - ProcVersionSignature: Ubuntu 6.8.0-36.36-generic 6.8.4 - Uname: Linux 6.8.0-36-generic x86_64 - ApportVersion: 2.28.1-0ubuntu3 - Architecture: amd64 - CasperMD5CheckResult: pass - CurrentDesktop: XFCE - Date: Thu Jul 4 08:47:14 2024 - InstallationDate: Installed on 2024-04-25 (69 days ago) - InstallationMedia: Ubuntu 24.04 LTS "Noble Numbat" - Release amd64 (20240424) - ProcEnviron: - LANG=en_US.UTF-8 - PATH=(custom, no user) - SHELL=/bin/bash - TERM=xterm - XDG_RUNTIME_DIR=<set> - SourcePackage: tcpdump - UpgradeStatus: No upgrade log present (probably fresh install) + This was fixed in: + + commit b4b1230f07df973f8c8c339ec022f2357bc1179e + From: Romain Francoise <[email protected]> + Date: Fri, 23 Aug 2024 18:39:26 +0200 + Subject: Avoid getpwnam(NULL) when called with `-Z root' (#1078771) + Link: https://salsa.debian.org/debian/tcpdump/-/commit/b4b1230f07df973f8c8c339ec022f2357bc1179e
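Review bot: the [ Test Plan ] in the new description stops at reproducing the segfault and never states the expected result with the fixed package; add a line saying what a pass looks like for "sudo tcpdump -Z root -ni lo -w /tmp/lo.pcap". The removed apport block was also the only place the affected version (tcpdump 4.99.4-3ubuntu4 on Ubuntu 24.04) was recorded, so keep that one line in [ Impact ] or [ Other info ]. In [ Other info ], the first link points at drop-privs-after-opening-savefile.diff and Debian bug 935112, while [ Impact ] blames d/p/drop-privs-only-if-non-root.diff and the cited commit b4b1230f references #1078771; state which patch the upload actually carries and link #1078771 alongside 935112. The second regression scenario in [ Where problems could occur ] ("other checks that might be required") is too vague to test against; name the code path it refers to or drop it.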
https://bugs.launchpad.net/bugs/2071891
Title: tcpdump segv if -Z and -w is specified
