Diffstat (limited to 'debian/patches')
-rw-r--r-- | debian/patches/drop-privs-after-opening-savefile.diff | 91 | ||||
-rw-r--r-- | debian/patches/drop-privs-only-if-non-root.diff | 41 | ||||
-rw-r--r-- | debian/patches/drop-privs-silently.diff | 29 | ||||
-rw-r--r-- | debian/patches/install.diff | 26 | ||||
-rw-r--r-- | debian/patches/man-section.diff | 15 | ||||
-rw-r--r-- | debian/patches/series | 5 |
6 files changed, 207 insertions, 0 deletions
diff --git a/debian/patches/drop-privs-after-opening-savefile.diff b/debian/patches/drop-privs-after-opening-savefile.diff
new file mode 100644
index 0000000..a4c856a
--- /dev/null
+++ b/debian/patches/drop-privs-after-opening-savefile.diff 
@@ -0,0 +1,91 @@
+Description: Drop root privileges after opening savefile
+Forwarded: not-needed
+Bug-Debian: https://bugs.debian.org/935112
+Origin: https://src.fedoraproject.org/rpms/tcpdump/raw/master/f/0003-Drop-root-priviledges-before-opening-first-savefile-.patch
+---
+ tcpdump.1.in | 7 ++++++-
+ tcpdump.c | 30 ++++++++++++++++++++++++++++++
+ 2 files changed, 36 insertions(+), 1 deletion(-)
+
+--- a/tcpdump.1.in
++++ b/tcpdump.1.in
+@@ -269,6 +269,9 @@
+ flag, with a number after it, starting at 1 and continuing upward.
+ The units of \fIfile_size\fP are millions of bytes (1,000,000 bytes,
+ not 1,048,576 bytes).
++
++Note that when used with \fB\-Z\fR option (enabled by default), privileges
++are dropped before opening first savefile.
+ .TP
+ .B \-d
+ Dump the compiled packet-matching code in a human readable form to
+@@ -966,12 +969,14 @@
+ If
+ .I tcpdump
+ is running as root, after opening the capture device or input savefile,
+-but before opening any savefiles for output, change the user ID to
++change the user ID to
+ .I user
+ and the group ID to the primary group of
+ .IR user .
+ .IP
+-This behavior can also be enabled by default at compile time.
++This behavior is enabled by default (\fB\-Z tcpdump\fR), and can
++be disabled by \fB\-Z root\fR.
++
+ .IP "\fI expression\fP"
+ .RS
+ selects which packets will be dumped.
+--- a/tcpdump.c
++++ b/tcpdump.c
+@@ -1510,6 +1510,7 @@
+ cap_rights_t rights;
+ int cansandbox;
+ #endif /* HAVE_CAPSICUM */
++ int chown_flag = 0;
+ int Oflag = 1; /* run filter code optimizer */
+ int yflag_dlt = -1;
+ const char *yflag_dlt_name = NULL;
+@@ -2338,6 +2339,19 @@
+ }
+ capng_apply(CAPNG_SELECT_BOTH);
+ #endif /* HAVE_LIBCAP_NG */
++ /* If user is running tcpdump as root and wants to write to the savefile,
++ * we will check if -C is set and if it is, we will drop root
++ * privileges right away and consequent call to>pcap_dump_open()
++ * will most likely fail for the first file. 
If -C flag is not set we
++ * will create file as root then change ownership of file to proper
++ * user(default tcpdump) and drop root privileges.
++ */
++ if (WFileName)
++ if (Cflag && (username || chroot_dir))
++ droproot(username, chroot_dir);
++ else
++ chown_flag = 1;
++ else
+ if (username || chroot_dir)
+ droproot(username, chroot_dir);
+
+@@ -2395,6 +2409,22 @@
+ #endif /* HAVE_LIBCAP_NG */
+ if (pdd == NULL)
+ error("%s", pcap_geterr(pd));
++
++ /* Change ownership of file and drop root privileges */
++ if (chown_flag) {
++ struct passwd *pwd;
++
++ pwd = getpwnam(username);
++ if (!pwd)
++ error("Couldn't find user '%s'", username);
++
++ if (strcmp(WFileName, "-") && chown(dumpinfo.CurrentFileName, pwd->pw_uid, pwd->pw_gid) < 0)
++ error("Couldn't change ownership of savefile");
++
++ if (username || chroot_dir)
++ droproot(username, chroot_dir);
++ }
++
+ #ifdef HAVE_CAPSICUM
+ set_dumper_capsicum_rights(pdd);
+ #endif
diff --git a/debian/patches/drop-privs-only-if-non-root.diff b/debian/patches/drop-privs-only-if-non-root.diff
new file mode 100644
index 0000000..e7001b7
--- /dev/null
+++ b/debian/patches/drop-privs-only-if-non-root.diff 
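Review bot: In the chown_flag block added at `+@@ -2395`, `getpwnam(username)` is reached without checking that `username` is non-NULL, while the `++ else ++ chown_flag = 1;` branch at `+@@ -2338` is taken whenever -C is absent, even when neither username nor chroot_dir is set; with drop-privs-only-if-non-root.diff (also in this series) turning `-Z root` into `username = NULL`, a plain `-w file -Z root` passes NULL to getpwnam(), whose behaviour for a NULL name is unspecified, and at best aborts with the "Couldn't find user" error. Changing the branch to `else if (username || chroot_dir) chown_flag = 1;` keeps `-Z root` on the same no-drop path as the non-savefile case below it; the chroot-only corner still needs the lookup skipped when username is NULL so droproot() can report it. Separately, `chown(dumpinfo.CurrentFileName, ...)` changes ownership by path after the file was opened as root; `fchown(fileno(pcap_dump_file(pdd)), pwd->pw_uid, pwd->pw_gid)` on the already-open descriptor avoids re-resolving the name between open and chown. Both hunks are fragments of main(), which starts and ends outside them.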
@@ -0,0 +1,41 @@
+From dec0e5183c026ccef342ba3a877c13c1cdab61d5 Mon Sep 17 00:00:00 2001
+From: Martin Willi <martin@strongswan.org>
+Date: Tue, 12 Nov 2019 13:43:31 +0100
+Subject: [PATCH] Skip privilege dropping when using -Z root on --with-user
+ builds
+
+Distributions which started building --with-user to switch to an
+unpriviliged user claim that the old behavior of running under root
+can be restored by passing "-Z root" on the command line. However,
+doing so is different from not using --with-user, as tcpdump still
+drops privileges and sets supplementary user groups.
+
+In Linux containers using user namespaces with an in-container root
+user mapped to an unprivileged external user, calling setgroups() is
+usually denied, as it would allow that unprivileged user to leave
+groups (see user_namespaces(7) for details). Passing "-Z root" on
+a --with-user build still goes through initgroups() and therefore
+setgroups(), which will fail in such a container environment. This
+makes tcpdump builds using --with-user effectively unusable in such
+containers.
+
+Adjust the "-Z root" fallback to skip any privilege dropping and
+supplementary group setup, making it identical to builds not using
+--with-user.
+---
+ tcpdump.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/tcpdump.c b/tcpdump.c
+index 219ac2a2b..36ba60c17 100644
+--- a/tcpdump.c
++++ b/tcpdump.c
+@@ -2078,6 +2078,8 @@ main(int argc, char **argv)
+ /* Run with '-Z root' to restore old behaviour */
+ if (!username)
+ username = WITH_USER;
++ else if (strcmp(username, "root") == 0)
++ username = NULL;
+ }
+ #endif
+
diff --git a/debian/patches/drop-privs-silently.diff b/debian/patches/drop-privs-silently.diff
new file mode 100644
index 0000000..b4a5412
--- /dev/null
+++ b/debian/patches/drop-privs-silently.diff 
@@ -0,0 +1,29 @@
+Description: Drop root privileges silently as it's the default
+Forwarded: not-needed
+Bug-Debian: https://bugs.debian.org/935112
+Origin: vendor, https://src.fedoraproject.org/rpms/tcpdump/raw/master/f/0008-Don-t-print-out-we-dropped-root-we-are-always-droppi.patch
+---
+ tcpdump.c | 5 -----
+ 1 file changed, 5 deletions(-)
+
+--- a/tcpdump.c
++++ b/tcpdump.c
+@@ -788,8 +788,6 @@
+ int ret = capng_change_id(pw->pw_uid, pw->pw_gid, CAPNG_NO_FLAG);
+ if (ret < 0)
+ error("capng_change_id(): return %d\n", ret);
+- else
+- fprintf(stderr, "dropped privs to %s\n", username);
+ }
+ #else
+ if (initgroups(pw->pw_name, pw->pw_gid) != 0 ||
+@@ -799,9 +797,6 @@
+ (unsigned long)pw->pw_uid,
+ (unsigned long)pw->pw_gid,
+ pcap_strerror(errno));
+- else {
+- fprintf(stderr, "dropped privs to %s\n", username);
+- }
+ #endif /* HAVE_LIBCAP_NG */
+ } else
+ error("Couldn't find user '%.32s'", username);
diff --git a/debian/patches/install.diff b/debian/patches/install.diff
new file mode 100644
index 0000000..69a550f
--- /dev/null
+++ b/debian/patches/install.diff 
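Review bot: Deleting both `dropped privs to %s` messages removes the only runtime confirmation that the uid/gid change actually took effect, which operators and audit tooling rely on to verify the drop when tcpdump is started as root. Since the drop is now the default, gating the message on verbosity rather than removing it keeps the signal available, e.g. `else if (vflag) fprintf(stderr, "dropped privs to %s\n", username);` in the libcap-ng branch and the equivalent in the initgroups/setgid/setuid branch. droproot() starts and ends outside both hunks.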
@@ -0,0 +1,26 @@
+Description: Change man page install paths for Debian and don't install a versioned binary.
+Forwarded: not-needed
+Author: Romain Francoise <rfrancoise@debian.org>
+
+--- a/Makefile.in
++++ b/Makefile.in
+@@ -424,15 +424,14 @@
+ [ -d $(DESTDIR)$(bindir) ] || \
+ (mkdir -p $(DESTDIR)$(bindir); chmod 755 $(DESTDIR)$(bindir))
+ $(INSTALL_PROGRAM) $(PROG) $(DESTDIR)$(bindir)/$(PROG)
+- $(INSTALL_PROGRAM) $(PROG) $(DESTDIR)$(bindir)/$(PROG).`cat ${srcdir}/VERSION`
+- [ -d $(DESTDIR)$(mandir)/man1 ] || \
+- (mkdir -p $(DESTDIR)$(mandir)/man1; chmod 755 $(DESTDIR)$(mandir)/man1)
+- $(INSTALL_DATA) $(PROG).1 $(DESTDIR)$(mandir)/man1/$(PROG).1
++ [ -d $(DESTDIR)$(mandir)/man8 ] || \
++ (mkdir -p $(DESTDIR)$(mandir)/man8; chmod 755 $(DESTDIR)$(mandir)/man8)
++ $(INSTALL_DATA) $(PROG).1 $(DESTDIR)$(mandir)/man8/$(PROG).8
+
+ uninstall:
+ rm -f $(DESTDIR)$(bindir)/$(PROG)
+ rm -f $(DESTDIR)$(bindir)/$(PROG).`cat ${srcdir}/VERSION`
+- rm -f $(DESTDIR)$(mandir)/man1/$(PROG).1
++ rm -f $(DESTDIR)$(mandir)/man8/$(PROG).8
+
+ lint:
+ lint -hbxn $(SRC) $(LIBNETDISSECT_SRC) | \
diff --git a/debian/patches/man-section.diff b/debian/patches/man-section.diff
new file mode 100644
index 0000000..83df10d
--- /dev/null
+++ b/debian/patches/man-section.diff
@@ -0,0 +1,15 @@
+Description: Change man page section
+Forwarded: not-needed
+Author: Romain Francoise <rfrancoise@debian.org>
+
+--- a/tcpdump.1.in
++++ b/tcpdump.1.in
+@@ -20,7 +20,7 @@
+ .\" WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
+ .\" MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
+ .\"
+-.TH TCPDUMP 1 "12 March 2023"
++.TH TCPDUMP 8 "12 March 2023"
+ .SH NAME
+ tcpdump \- dump traffic on a network
+ .SH SYNOPSIS
diff --git a/debian/patches/series b/debian/patches/series
new file mode 100644
index 0000000..297b6c9
--- /dev/null
+++ b/debian/patches/series 
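Review bot: The install target no longer creates the versioned `$(PROG).`cat ${srcdir}/VERSION`` binary, but the uninstall target in the same hunk still contains `rm -f $(DESTDIR)$(bindir)/$(PROG).`cat ${srcdir}/VERSION``, so install and uninstall are now out of step. Either remove that line in this patch or say in the Description that it is kept deliberately to clean up earlier versioned installs. The page is also installed as `$(PROG).8` while the source remains `$(PROG).1`, which is only consistent together with man-section.diff changing the `.TH` section; a one-line note in the Description that the two patches belong together would help the next person reordering series.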
@@ -0,0 +1,5 @@
+drop-privs-after-opening-savefile.diff
+drop-privs-silently.diff
+drop-privs-only-if-non-root.diff
+install.diff
+man-section.diff |