Red Hat Bugzilla – Bug 90208
CAN-2003-0194 tcpdump didn't drop root to pcap user like promised
Last modified: 2007-03-27 00:03:34 EDT
Description of problem:
During investigations we found, that the current available tcpdump binary didn't
drop root to pcap user like promised in man page.
Version-Release number of selected component (if applicable):
tcpdump-3.6.3-220.127.116.11 (perhaps others, too)
Steps to Reproduce:
1. Start tcpdump
2. Check for running user by ps -axu|grep tcpdump
Actual Results: # ps -axu|grep tcpdump
root 13531 0.0 0.9 3420 1176 pts/5 S 14:32 0:00 tcpdump not port
Expected Results: # ps -axu|grep tcpdump
pcap 13524 0.0 1.1 3712 1420 pts/5 S 14:31 0:00 [tcpdump]
I digged into the problem and found, that it's a compilation problem. The in the
SRPMS contained patch will be applied, patches "configure.in", but during
compile step, "autoheader" isn't executed.
Fix: patch spec file and rebuild binary packages
--- tcpdump.spec.orig Mon May 5 14:40:25 2003
+++ tcpdump.spec Mon May 5 14:39:14 2003
@@ -176,6 +176,7 @@
%define optflags $RPM_OPT_FLAGS -DIP_MAX_MEMBERSHIPS=20
%configure --enable-ipv6 --with-user=pcap
Credits to Harald Geiger of AERAsec, who detected that tcpdump didn't drop root
Verified, this is allocated CAN-2003-0194 and will be fixed in upcoming errata
RHSA-2003:174 (Red Hat Linux) and RHSA-2003:151 (Red Hat Enterprise Linux)
An errata has been issued which should help the problem described in this bug report.
This report is therefore being closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files, please follow the link below. You may reopen
this bug report if the solution does not work for you.