]> The Tcpdump Group git mirrors - tcpdump/commitdiff
Skip privilege dropping when using -Z root on --with-user builds
authorMartin Willi <[email protected]>
Tue, 12 Nov 2019 12:43:31 +0000 (13:43 +0100)
committerFrancois-Xavier Le Bail <[email protected]>
Thu, 24 Aug 2023 08:53:26 +0000 (10:53 +0200)
Distributions which started building --with-user to switch to an
unpriviliged user claim that the old behavior of running under root
can be restored by passing "-Z root" on the command line. However,
doing so is different from not using --with-user, as tcpdump still
drops privileges and sets supplementary user groups.

In Linux containers using user namespaces with an in-container root
user mapped to an unprivileged external user, calling setgroups() is
usually denied, as it would allow that unprivileged user to leave
groups (see user_namespaces(7) for details). Passing "-Z root" on
a --with-user build still goes through initgroups() and therefore
setgroups(), which will fail in such a container environment. This
makes tcpdump builds using --with-user effectively unusable in such
containers.

Adjust the "-Z root" fallback to skip any privilege dropping and
supplementary group setup, making it identical to builds not using
--with-user.

(cherry picked from commit d6c4b176bab676b4d73dc4b1a9fd8c803db88194)

tcpdump.c

index 0b6541589f018fd61121bcb66a9fd6262d44346d..837f14e9e52d36fd36730f5dbcc76c7dd2b4d1ce 100644 (file)
--- a/tcpdump.c
+++ b/tcpdump.c
@@ -2026,6 +2026,8 @@ main(int argc, char **argv)
                /* Run with '-Z root' to restore old behaviour */
                if (!username)
                        username = WITH_USER;
+               else if (strcmp(username, "root") == 0)
+                       username = NULL;
        }
 #endif