Bug 90208 - CAN-2003-0194 tcpdump didn't drop root to pcap user like promised
Status: CLOSED ERRATA
Product: Red Hat Linux
Classification: Retired
Component: tcpdump
Version: 7.3
Hardware: All, OS: Linux
Priority: high, Severity: medium
Assigned To: Harald Hoyer
Keywords: Security
Reported: 2003-05-05 09:43 EDT by Peter Bieringer
Modified: 2007-03-27 00:03 EDT
Doc Type: Bug Fix
Last Closed: 2003-05-15 03:59:33 EDT
Description Peter Bieringer 2003-05-05 09:43:11 EDT
Description of problem:
During investigations we found that the currently available tcpdump binary didn't
drop root to the pcap user as promised in the man page.

Version-Release number of selected component (if applicable):
tcpdump-3.6.3-17.7.3.2 (perhaps others, too)

How reproducible:
Always

Steps to Reproduce:
1. Start tcpdump
2. Check for running user by ps -axu|grep tcpdump

    

Actual Results:
# ps -axu|grep tcpdump
root     13531  0.0  0.9  3420 1176 pts/5    S    14:32   0:00 tcpdump not port

Expected Results:
# ps -axu|grep tcpdump
pcap     13524  0.0  1.1  3712 1420 pts/5    S    14:31   0:00 [tcpdump]

Additional info:

I dug into the problem and found that it's a compilation problem. The patch
contained in the SRPMS is applied and patches "configure.in", but during the
compile step "autoheader" isn't executed.

Fix: patch spec file and rebuild binary packages

--- tcpdump.spec.orig   Mon May  5 14:40:25 2003
+++ tcpdump.spec        Mon May  5 14:39:14 2003
@@ -176,6 +176,7 @@
 pushd %tcpdump_dir
 %define        optflags $RPM_OPT_FLAGS -DIP_MAX_MEMBERSHIPS=20
 #autoconf
+autoheader
 %configure --enable-ipv6 --with-user=pcap
 %undefine optflags
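
Review bot: `#autoconf` on the line above the added `autoheader` is still commented out, so this hunk regenerates the config header template but not `configure` itself; if the patched configure.in is the only place `--with-user` is defined, `%configure --enable-ipv6 --with-user=pcap` would still run a stale script. Please confirm that the patch in the SRPM also updates `configure`, or enable `autoconf` here as well. Since the original failure was silent (the package built and shipped without the privilege drop), consider adding a step after `%configure` that fails the build when the generated config header lacks the define that `--with-user` is supposed to set, plus a spec comment explaining why `autoheader` is required.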



Credits to Harald Geiger of AERAsec, who detected that tcpdump didn't drop root
permissions.
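
Added example, not part of the original report or of the Red Hat fix: the `ps` check in the steps to reproduce shows one user per process, so this script goes a step further and audits the real, effective, saved and filesystem UIDs from `/proc/<pid>/status`, which also catches a drop that left a root ID recoverable. The function names, the sample status text and the UID 77 used for pcap are constructed for illustration; it assumes Linux `/proc` and `pgrep`.

```shell
#!/bin/sh
# Added example (not from the report): audit the four IDs on the "Uid:" line of
# /proc/<pid>/status (real, effective, saved, filesystem) for a process that is
# supposed to have dropped root.

# uid_audit STATUS_TEXT EXPECTED_UID  (hypothetical helper)
# Prints ok | root-retained | wrong-user | no-uid-line; returns 0 only for ok.
uid_audit() {
    printf '%s\n' "$1" | awk -v want="$2" '
        $1 == "Uid:" {
            seen = 1
            for (i = 2; i <= 5; i++) {
                if ($i == 0)    root = 1    # an ID is still 0: root held or recoverable
                if ($i != want) other = 1   # not the account that was requested
            }
        }
        END {
            if (!seen) { print "no-uid-line";   exit 2 }
            if (root)  { print "root-retained"; exit 1 }
            if (other) { print "wrong-user";    exit 1 }
            print "ok"
        }'
}

# audit_running NAME USER: print "<pid> <verdict>" for every live process NAME.
audit_running() {
    want=$(id -u "$2") || return 2
    for pid in $(pgrep -x "$1"); do
        printf '%s %s\n' "$pid" "$(uid_audit "$(cat "/proc/$pid/status")" "$want")"
    done
}

# Constructed samples: no drop (as in the report), full drop, and a drop that
# left the saved UID at 0. UID 77 for pcap is an assumed value.
SAMPLE_ROOT='Name: tcpdump
Uid: 0 0 0 0'
SAMPLE_DROPPED='Name: tcpdump
Uid: 77 77 77 77'
SAMPLE_PARTIAL='Name: tcpdump
Uid: 77 77 0 77'

for s in "$SAMPLE_ROOT" "$SAMPLE_DROPPED" "$SAMPLE_PARTIAL"; do
    uid_audit "$s" 77 || true
done
```

On a host with the package installed, `audit_running tcpdump pcap` applies the same check to live processes.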
Comment 1 Mark J. Cox (Product Security) 2003-05-06 11:00:44 EDT
Verified, this is allocated CAN-2003-0194 and will be fixed in upcoming errata
RHSA-2003:174 (Red Hat Linux) and RHSA-2003:151 (Red Hat Enterprise Linux)
Comment 2 Mark J. Cox (Product Security) 2003-05-15 03:59:33 EDT
An errata has been issued which should help the problem described in this bug report. 
This report is therefore being closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files, please follow the link below. You may reopen 
this bug report if the solution does not work for you.

http://rhn.redhat.com/errata/RHSA-2003-174.html
