[Bug 2071891] Re: tcpdump segv if -Z and -w is specified
Matthew Ruffell
2071891 at bugs.launchpad.net
Tue Sep 30 23:46:41 UTC 2025
Actual debdiff that was sponsored for plucky.
** Patch added: "Debdiff for tcpdump on plucky"
https://bugs.launchpad.net/ubuntu/+source/tcpdump/+bug/2071891/+attachment/5913501/+files/lp417417_plucky.debdiff
https://bugs.launchpad.net/bugs/2071891
Title:
tcpdump segv if -Z and -w is specified
Status in tcpdump package in Ubuntu:
Fix Released
Status in tcpdump source package in Noble:
In Progress
Status in tcpdump source package in Oracular:
Won't Fix
Status in tcpdump source package in Plucky:
In Progress
Status in tcpdump source package in Questing:
Fix Released
Status in tcpdump package in Debian:
Fix Released
Bug description:
[ Impact ]
There is currently a bug in tcpdump causing it to segfault on Noble
machines and newer.
This is because of a bad interaction with d/p/drop-privs-only-if-non-root.diff
where using -Z root sets username to NULL, causing a null pointer dereference and subsequent segmentation fault.
[ Test Plan ]
Make sure you are on a Noble machine or newer and that tcpdump is
installed.
$ sudo apt install tcpdump
To reproduce the issue simply run the following command:
$ sudo tcpdump -Z root -ni lo -w /tmp/lo.pcap
Note that running it with sudo or being in a root shell is a requirement to trigger the crash.
You will see the following when reproducing the crash:
```
ghadi at XPS-17-9720 ~ » sudo tcpdump -Z root -ni lo -w /tmp/lo.pcap
[1] 1250151 segmentation fault sudo tcpdump -Z root -ni lo -w /tmp/lo.pcap
```
[ Where problems could occur ]
Since the patch makes sure that the username is valid before changing
ownership, a possible regression might be that tcpdump fails to run
due to permission issues, or that it still segfaults due to other
checks that might be required.
[ Other info ]
The bug has been fixed in Debian upstream here:
https://salsa.debian.org/debian/tcpdump/-/blob/master/debian/patches/drop-privs-after-opening-savefile.diff
There is also a discussion about it on the Debian bug tracker:
https://bugs.debian.org/935112
This was fixed in:
commit b4b1230f07df973f8c8c339ec022f2357bc1179e
From: Romain Francoise <rfrancoise at debian.org>
Date: Fri, 23 Aug 2024 18:39:26 +0200
Subject: Avoid getpwnam(NULL) when called with `-Z root' (#1078771)
Link: https://salsa.debian.org/debian/tcpdump/-/commit/b4b1230f07df973f8c8c339ec022f2357bc1179e
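
The [ Impact ] section above describes a NULL username reaching the user lookup once `-Z root` is given together with `-w`. As an added illustration (not tcpdump's code and not the Debian patch), the C sketch below shows the guard pattern the commit subject names; `resolve_drop_user` and `chown_savefile` are hypothetical names, and treating a NULL username as "stay root, skip the chown" is an assumption made for the example.

```c
#include <pwd.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

enum drop_result { DROP_SKIP = 0, DROP_OK = 1, DROP_UNKNOWN = -1 };

/* Hypothetical helper: resolve the -Z user before chown()ing the savefile.
 * username == NULL models the state the report describes after "-Z root". */
static enum drop_result resolve_drop_user(const char *username,
                                          uid_t *uid, gid_t *gid)
{
    if (username == NULL)      /* the guard: never call getpwnam(NULL) */
        return DROP_SKIP;

    struct passwd *pw = getpwnam(username);
    if (pw == NULL)            /* unknown user: report it, do not dereference */
        return DROP_UNKNOWN;

    *uid = pw->pw_uid;
    *gid = pw->pw_gid;
    return DROP_OK;
}

/* Hand a freshly opened savefile to the unprivileged user, if there is one. */
static int chown_savefile(const char *path, const char *username)
{
    uid_t uid = (uid_t)-1;
    gid_t gid = (gid_t)-1;

    switch (resolve_drop_user(username, &uid, &gid)) {
    case DROP_SKIP:    return 0;   /* staying root: nothing to change */
    case DROP_UNKNOWN: fprintf(stderr, "unknown user %s\n", username);
                       return -1;
    default:           break;
    }
    if (chown(path, uid, gid) != 0) { perror("chown"); return -1; }
    return 0;
}

int main(void)
{
    /* Constructed inputs: NULL stands for "-Z root"; the user name is made up. */
    printf("NULL user  -> %d\n", chown_savefile("/tmp/lo.pcap", NULL));
    printf("bogus user -> %d\n",
           chown_savefile("/tmp/lo.pcap", "no-such-user-example"));
    return 0;
}
```

Both failure paths return a status instead of dereferencing a NULL pointer, which is the behaviour to confirm when re-running the test plan's `-Z root -w` command against a patched build.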