[Bug 2071891] Re: tcpdump segv if -Z and -w is specified

Matthew Ruffell 2071891 at bugs.launchpad.net
Tue Sep 30 23:46:10 UTC 2025


Hi Ghadi,

A couple minor notes:

We don't really need an entire new patch here, since we aren't really patching
tcpdump.c, we are actually patching d/p/drop-privs-after-opening-savefile.diff
so I would prefer if the change was made there, to reduce confusion from what
is an actual upstream patch and what is debian delta.

The change is really:

commit b4b1230f07df973f8c8c339ec022f2357bc1179e
From: Romain Francoise <rfrancoise at debian.org>
Date: Fri, 23 Aug 2024 18:39:26 +0200
Subject: Avoid getpwnam(NULL) when called with `-Z root' (#1078771)
Link: https://salsa.debian.org/debian/tcpdump/-/commit/b4b1230f07df973f8c8c339ec022f2357bc1179e

and I added this, along with some other minor changes to the SRU
template.

I have sponsored for plucky and noble.

Plucky:
Uploading tcpdump_4.99.4-3ubuntu4.25.04.1.dsc
Uploading tcpdump_4.99.4-3ubuntu4.25.04.1.debian.tar.xz
Uploading tcpdump_4.99.4-3ubuntu4.25.04.1_source.buildinfo
Uploading tcpdump_4.99.4-3ubuntu4.25.04.1_source.changes

Noble:
Uploading tcpdump_4.99.4-3ubuntu4.24.04.1.dsc
Uploading tcpdump_4.99.4-3ubuntu4.24.04.1.debian.tar.xz
Uploading tcpdump_4.99.4-3ubuntu4.24.04.1_source.buildinfo
Uploading tcpdump_4.99.4-3ubuntu4.24.04.1_source.changes

Thanks,
Matthew

-- 
You received this bug notification because you are a member of Ubuntu
Sponsors, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/2071891

Title:
  tcpdump segv if -Z and -w is specified

Status in tcpdump package in Ubuntu:
  Fix Released
Status in tcpdump source package in Noble:
  In Progress
Status in tcpdump source package in Oracular:
  Won't Fix
Status in tcpdump source package in Plucky:
  In Progress
Status in tcpdump source package in Questing:
  Fix Released
Status in tcpdump package in Debian:
  Fix Released

Bug description:
  [ Impact ]

  There is currently a bug in tcpdump causing it to segfault on Noble
  machines and newer.

  This is because of a bad interaction with d/p/drop-privs-only-if-non-root.diff
  where using -Z root sets username to NULL, causing a null pointer dereference and subsequent segmentation fault.

  [ Test Plan ]

  Make sure you are on a noble machine or newer and that tcpdump is
  installed.

  $ sudo apt install tcpdump

  To reproduce the issue simply run the following command:

  $ sudo tcpdump -Z root -ni lo -w /tmp/lo.pcap

  Note that running it with sudo or being in a root shell is a requirement to trigger the crash.
  You will see the following when reproducing the crash:
  ```
  ghadi at XPS-17-9720 ~ » sudo tcpdump -Z root -ni lo -w /tmp/lo.pcap
  [1]    1250151 segmentation fault  sudo tcpdump -Z root -ni lo -w /tmp/lo.pcap
  ```

  [ Where problems could occur ]

  Since the patch makes sure that the username is valid before changing
  ownership, a possible regression might be that tcpdump fails to run
  due to permission issues, or that it still segfaults due to other
  checks that might be required.

  [ Other info ]

  The bug has been fixed in debian upstream here:
  https://salsa.debian.org/debian/tcpdump/-/blob/master/debian/patches/drop-privs-after-opening-savefile.diff

  There is also a discussion about it on the debian bug tracker:
  https://bugs.debian.org/935112

  This was fixed in:

  commit b4b1230f07df973f8c8c339ec022f2357bc1179e 
  From: Romain Francoise <rfrancoise at debian.org>
  Date: Fri, 23 Aug 2024 18:39:26 +0200
  Subject: Avoid getpwnam(NULL) when called with `-Z root' (#1078771)
  Link: https://salsa.debian.org/debian/tcpdump/-/commit/b4b1230f07df973f8c8c339ec022f2357bc1179e

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/tcpdump/+bug/2071891/+subscriptions
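
The failure mode described in the bug (a NULL username reaching getpwnam() after `-Z root`), shown with the guard in place. This is an added example, not tcpdump's or Debian's code: `normalize_z_arg` and `resolve_owner` are hypothetical helpers, the mapping of `-Z root` to NULL is modelled on the bug description, and the account name is constructed.

```c
#include <pwd.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>

/* Outcome of resolving the -Z argument into an owner for the savefile. */
enum owner_status { OWNER_OK, OWNER_SKIP, OWNER_UNKNOWN };

/* Assumed model of the behaviour in the bug description: "-Z root"
 * means "keep privileges" and is recorded as a NULL username. */
static const char *normalize_z_arg(const char *arg)
{
    if (arg == NULL || strcmp(arg, "root") == 0)
        return NULL;
    return arg;
}

/* Hypothetical helper: look up the account only when there is a name.
 * getpwnam(NULL) is the call the fix avoids, so NULL is handled first. */
static enum owner_status resolve_owner(const char *username,
                                       uid_t *uid, gid_t *gid)
{
    const struct passwd *pw;

    if (username == NULL)
        return OWNER_SKIP;      /* no user to hand the savefile to */
    pw = getpwnam(username);
    if (pw == NULL)
        return OWNER_UNKNOWN;   /* no such account: report, never deref */
    *uid = pw->pw_uid;
    *gid = pw->pw_gid;
    return OWNER_OK;
}

int main(void)
{
    /* Constructed inputs: a NULL pointer, -Z root, a made-up account. */
    const char *args[] = { NULL, "root", "no-such-user-example" };
    uid_t uid = 0;
    gid_t gid = 0;

    for (size_t i = 0; i < sizeof(args) / sizeof(args[0]); i++) {
        enum owner_status st =
            resolve_owner(normalize_z_arg(args[i]), &uid, &gid);
        printf("-Z %s -> status %d\n",
               args[i] ? args[i] : "(null)", (int)st);
    }
    return 0;
}
```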



