[Bug 2071891] Re: tcpdump segv if -Z and -w is specified

Ghadi Rahme 2071891 at bugs.launchpad.net
Tue Sep 16 15:27:28 UTC 2025 

** Description changed:

+ [ Impact ]
+ 
+ There is currently a bug in tcpdump causing it to segfault on Noble
+ machines and newer.
+ 
+ The bug has been fixed in debian upstream here:
+ https://salsa.debian.org/debian/tcpdump/-/blob/master/debian/patches/drop-
+ privs-after-opening-savefile.diff
+ 
+ There is also a discussion about it on the debian bug tracker:
+ https://bugs.debian.org/935112
+ 
+ [ Test Plan ]
+ 
+ Make sure you are on a noble machine or newer.
+ To reproduce the issue simply run the following command:
+ 
+ $ sudo tcpdump -Z root -ni lo -w /tmp/lo.pcap
+ 
+ Note that running it with sudo or being in a root shell is a requirement to trigger the crash.
+ You will see the following when reproducing the crash:
+ ```
+ ghadi at XPS-17-9720 ~ » sudo tcpdump -Z root -ni lo -w /tmp/lo.pcap
+ [1]    1250151 segmentation fault  sudo tcpdump -Z root -ni lo -w /tmp/lo.pcap
+ ```
+ 
+ [ Where problems could occur ]
+ 
+ Since the patch makes sure that the username is valid before changing
+ ownership, a possible regression might be that tcpdump fails to run due
+ to permission issues, or that it still segfaults due to other checks
+ that might be required.
+ 
+ 
+ [ Original Description ]
  Reproduce:
  
  As root (sudo sh) do:
  
  # tcpdump -Z root -ni lo -w /tmp/lo.pcap
  Segmentation fault (core dumped)
  
  ProblemType: Bug
  DistroRelease: Ubuntu 24.04
  Package: tcpdump 4.99.4-3ubuntu4
  ProcVersionSignature: Ubuntu 6.8.0-36.36-generic 6.8.4
  Uname: Linux 6.8.0-36-generic x86_64
  ApportVersion: 2.28.1-0ubuntu3
  Architecture: amd64
  CasperMD5CheckResult: pass
  CurrentDesktop: XFCE
  Date: Thu Jul  4 08:47:14 2024
  InstallationDate: Installed on 2024-04-25 (69 days ago)
  InstallationMedia: Ubuntu 24.04 LTS "Noble Numbat" - Release amd64 (20240424)
  ProcEnviron:
-  LANG=en_US.UTF-8
-  PATH=(custom, no user)
-  SHELL=/bin/bash
-  TERM=xterm
-  XDG_RUNTIME_DIR=<set>
+  LANG=en_US.UTF-8
+  PATH=(custom, no user)
+  SHELL=/bin/bash
+  TERM=xterm
+  XDG_RUNTIME_DIR=<set>
  SourcePackage: tcpdump
  UpgradeStatus: No upgrade log present (probably fresh install)

-- 
You received this bug notification because you are a member of Ubuntu
Sponsors, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/2071891

Title:
  tcpdump segv if -Z and -w is specified

Status in tcpdump package in Ubuntu:
  Fix Released
Status in tcpdump source package in Noble:
  Confirmed
Status in tcpdump source package in Oracular:
  Won't Fix
Status in tcpdump source package in Plucky:
  Confirmed
Status in tcpdump source package in Questing:
  Fix Released
Status in tcpdump package in Debian:
  Fix Released

Bug description:
  [ Impact ]

  There is currently a bug in tcpdump causing it to segfault on Noble
  machines and newer.

  The bug has been fixed in debian upstream here:
  https://salsa.debian.org/debian/tcpdump/-/blob/master/debian/patches/drop-
  privs-after-opening-savefile.diff

  There is also a discussion about it on the debian bug tracker:
  https://bugs.debian.org/935112

  [ Test Plan ]

  Make sure you are on a noble machine or newer and that tcpdump is
  installed.

  $ sudo apt install tcpdump

  To reproduce the issue simply run the following command:

  $ sudo tcpdump -Z root -ni lo -w /tmp/lo.pcap

  Note that running it with sudo or being in a root shell is a requirement to trigger the crash.
  You will see the following when reproducing the crash:
  ```
  ghadi at XPS-17-9720 ~ » sudo tcpdump -Z root -ni lo -w /tmp/lo.pcap
  [1]    1250151 segmentation fault  sudo tcpdump -Z root -ni lo -w /tmp/lo.pcap
  ```

  [ Where problems could occur ]

  Since the patch makes sure that the username is valid before changing
  ownership, a possible regression might be that tcpdump fails to run
  due to permission issues, or that it still segfaults due to other
  checks that might be required.

  [ Original Description ]
  Reproduce:

  As root (sudo sh) do:

  # tcpdump -Z root -ni lo -w /tmp/lo.pcap
  Segmentation fault (core dumped)

  ProblemType: Bug
  DistroRelease: Ubuntu 24.04
  Package: tcpdump 4.99.4-3ubuntu4
  ProcVersionSignature: Ubuntu 6.8.0-36.36-generic 6.8.4
  Uname: Linux 6.8.0-36-generic x86_64
  ApportVersion: 2.28.1-0ubuntu3
  Architecture: amd64
  CasperMD5CheckResult: pass
  CurrentDesktop: XFCE
  Date: Thu Jul  4 08:47:14 2024
  InstallationDate: Installed on 2024-04-25 (69 days ago)
  InstallationMedia: Ubuntu 24.04 LTS "Noble Numbat" - Release amd64 (20240424)
  ProcEnviron:
   LANG=en_US.UTF-8
   PATH=(custom, no user)
   SHELL=/bin/bash
   TERM=xterm
   XDG_RUNTIME_DIR=<set>
  SourcePackage: tcpdump
  UpgradeStatus: No upgrade log present (probably fresh install)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/tcpdump/+bug/2071891/+subscriptions

More information about the Ubuntu-sponsors mailing list