NetBSD Problem Report #48005
From www@NetBSD.org Thu Jul 4 15:25:15 2013
Return-Path: <www@NetBSD.org>
Received: from mail.netbsd.org (mail.netbsd.org [149.20.53.66])
(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
(Client CN "mail.NetBSD.org", Issuer "Postmaster NetBSD.org" (verified OK))
by mollari.NetBSD.org (Postfix) with ESMTPS id AE0BD71873
for <gnats-bugs@gnats.NetBSD.org>; Thu, 4 Jul 2013 15:25:15 +0000 (UTC)
Message-Id: <20130704152502.888D27187B@mollari.NetBSD.org>
Date: Thu, 4 Jul 2013 15:25:02 +0000 (UTC)
From: joern.clausen@uni-bielefeld.de
Reply-To: joernc@gmail.com
To: gnats-bugs@NetBSD.org
Subject: tcpdump: option -C broken
X-Send-Pr-Version: www-1.0
>Number: 48005
>Category: bin
>Synopsis: tcpdump: option -C broken
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: bin-bug-people
>State: open
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Thu Jul 04 15:30:00 +0000 2013
>Last-Modified: Tue Jan 29 06:47:04 +0000 2019
>Originator: Jörn Clausen
>Release: NetBSD 6.1 (GENERIC) amd64
>Organization:
University of Bielefeld
>Environment:
>Description:
Option "-C" (write chunks) in /usr/sbin/tcpdump is broken:
$ tcpdump -w tcp.dump -C 1
tcpdump: listening on nfe0, link-type EN10MB (Ethernet), capture size 65535 bytes
tcpdump: tcp.dump1: Permission denied
after the first chunk has been read. ktruss shows
1073 1 tcpdump open("tcp.dump1", 0x601, 0x1b6) Err#13 EACCES
tcpdump 4.4.0 from pkgsrc on the same machine works as expected.
>How-To-Repeat:
>Fix:
>Release-Note:
>Audit-Trail:
From: "David H. Gutteridge" <dhgutteridge@sympatico.ca>
To: gnats-bugs@netbsd.org
Cc:
Subject: Re: bin/48005 (tcpdump: option -C broken)
Date: Wed, 22 Feb 2017 00:40:27 -0500
The reason option -C isn't working for you as you'd expect is because
NetBSD's tcpdump drops privileges and runs chrooted as _tcpdump. So
after the first output file has been opened, the process no longer has
the access permissions to open further files.
That's noted in the man page under the -Z option, though it's actually
a bit misleading, since the man page first states that privileges are
dropped before opening any output files, but that's not the case for
NetBSD. By default you'll end up with the first output file, and then
output will stop once that file's full, as you've found.
To work around that, you can run tcpdump with "-Z root", which I just
tested, and indeed it writes further output files. Though what
happened for me was it wrote the first file where I specified, and
then the rest under /var/chroot/tcpdump, since it ends up running in
the chroot, but with root privileges.
Dave
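The ordering problem Dave describes, worked through as an added example. This is not NetBSD's tcpdump source: the jail path /var/chroot/tcpdump and the _tcpdump user come from the thread, the base, base1, base2 chunk naming from the man page text quoted later in this PR, and the openat()-based rotation at the end is an alternative design assumed here, not something tcpdump does. It shows where a pathname opened after chroot() really lands, why that gives either Permission denied or a file under the jail, and the conventional order for dropping privileges.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <grp.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/types.h>

/* Name of the n-th rotated savefile as -C produces it (from the man page
 * excerpt in this PR): base for the first file, then base1, base2, ... */
int chunk_name(const char *base, int n, char *out, size_t outlen)
{
    int len = (n == 0) ? snprintf(out, outlen, "%s", base)
                       : snprintf(out, outlen, "%s%d", base, n);
    return (len < 0 || (size_t)len >= outlen) ? -1 : 0;
}

/* Host-visible path the kernel resolves NAME to once the process has done
 * chroot(JAIL) and chdir("/"): a leading slash no longer means the real
 * root, so both "tcp.dump1" and "/home/me/tcp.dump1" land beneath the jail.
 * This is why "-Z root -C" leaves later chunks in /var/chroot/tcpdump and
 * why the default _tcpdump user gets EACCES on the very same open(). */
int path_after_chroot(const char *jail, const char *name,
                      char *out, size_t outlen)
{
    while (*name == '/')
        name++;
    int len = snprintf(out, outlen, "%s/%s", jail, name);
    return (len < 0 || (size_t)len >= outlen) ? -1 : 0;
}

/* Check helper: does NAME resolve to EXPECT after chroot(JAIL)? */
int resolves_to(const char *jail, const char *name, const char *expect)
{
    char got[PATH_MAX];
    return path_after_chroot(jail, name, got, sizeof got) == 0
        && strcmp(got, expect) == 0;
}

/* Privilege drop in the conventional order: chroot and chdir while still
 * root, then supplementary groups, gid, uid, then verify root cannot be
 * regained. Anything still needed from the real filesystem must already
 * be open before this call. Requires root; returns 0 on success. */
int drop_privs(const char *jail, uid_t uid, gid_t gid)
{
    if (chroot(jail) != 0 || chdir("/") != 0)
        return -1;
    if (setgroups(1, &gid) != 0)
        return -1;
    if (setgid(gid) != 0 || setuid(uid) != 0)
        return -1;
    if (setuid(0) == 0)   /* must fail now that we are unprivileged */
        return -1;
    return 0;
}

/* One way to keep rotation working after the drop (assumed here, not what
 * tcpdump does): take a directory fd before chroot() and create later
 * chunks with openat(). The fd still refers to the original directory, so
 * the jail's pathname view does not apply; the directory must of course
 * be writable by the unprivileged user. */
int open_chunk(int dirfd, const char *base, int n)
{
    char name[PATH_MAX];
    if (chunk_name(base, n, name, sizeof name) != 0)
        return -1;
    return openat(dirfd, name, O_WRONLY | O_CREAT | O_TRUNC, 0644);
}

/* Runs without root: rotate three chunks into a scratch directory through
 * a pre-opened dirfd, clean up, and return how many chunks were created. */
int demo_rotate(void)
{
    char dir[] = "/tmp/chunk-demo-XXXXXX";
    if (mkdtemp(dir) == NULL)
        return -1;
    int dirfd = open(dir, O_RDONLY | O_DIRECTORY);
    if (dirfd < 0)
        return -1;
    int created = 0;
    for (int n = 0; n < 3; n++) {
        int fd = open_chunk(dirfd, "tcp.dump", n);
        if (fd < 0)
            break;
        close(fd);
        created++;
    }
    for (int n = 0; n < created; n++) {
        char name[PATH_MAX];
        chunk_name("tcp.dump", n, name, sizeof name);
        unlinkat(dirfd, name, 0);
    }
    close(dirfd);
    rmdir(dir);
    return created;
}

int main(void)
{
    char p[PATH_MAX];
    path_after_chroot("/var/chroot/tcpdump", "tcp.dump1", p, sizeof p);
    printf("after chroot, open(\"tcp.dump1\") really means %s\n", p);
    printf("rotated %d chunks through a pre-chroot dirfd\n", demo_rotate());
    return 0;
}
```

drop_privs() is the part that needs root and is deliberately not exercised by demo_rotate(); the order matters because chroot() and setgroups() only work while the process is still privileged, and the final setuid(0) check catches a drop that left the saved uid at 0.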
From: =?UTF-8?Q?J=c3=b6rn_Clausen?= <joern.clausen@uni-bielefeld.de>
To: gnats-bugs@NetBSD.org, gnats-admin@NetBSD.org, netbsd-bugs@NetBSD.org
Cc:
Subject: Re: bin/48005 (tcpdump: option -C broken)
Date: Wed, 22 Feb 2017 13:14:22 +0100
I didn't expect an answer after all this time :)
Thanks for the explanation. From my point of view this PR can be closed,
but maybe someone wants to fix the documentation?
--
Jörn Clausen
Plattformen & Serverdienste
Hochschulrechenzentrum
Universität Bielefeld
Universitätsstraße 25
33615 Bielefeld
Telefon: +49 521 106-12601
E-Mail: joern.clausen@uni-bielefeld.de
http://www.uni-bielefeld.de/hrz
From: "David H. Gutteridge" <dhgutteridge@sympatico.ca>
To: gnats-bugs@netbsd.org
Cc:
Subject: Re: bin/48005 (tcpdump: option -C broken)
Date: Wed, 22 Feb 2017 22:35:59 -0500
On Wed, 22 Feb 2017, at 13:14:22 +0100, Jörn Clausen wrote:
> I didn't expect an answer after all this time :)
>
> Thanks for the explanation. From my point of view this PR can be
> closed, but maybe someone wants to fix the documentation?
I'll have a go at suggesting some brief additions if no one else gets
to it first. (There was originally a touch more detail under the -Z
option that seems pertinent from my perspective which was removed
during one of the many merges over the years. Also, -C should carry a
warning.)
If you're using the pkgsrc version of tcpdump, note that as of today,
it also enforces dropped privileges.[1] (I think that, too, merits a
warning in the applicable man page. Also, in my understanding, it will
still behave differently than the base NetBSD version as concerns
opening output files.)
1. http://mail-index.netbsd.org/pkgsrc-changes/2017/02/22/msg153360.html
Regards,
Dave
From: "David H. Gutteridge" <dhgutteridge@sympatico.ca>
To: gnats-bugs@netbsd.org
Cc:
Subject: Re: bin/48005 (tcpdump: option -C broken)
Date: Thu, 02 Mar 2017 18:19:45 -0500
My suggested amendments to the tcpdump man page:
--- tcpdump.1.in~
+++ tcpdump.1.in
@@ -20,7 +20,7 @@
 .\" WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES
OF
 .\" MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
 .\"
-.TH TCPDUMP 8Â Â "17 September 2015"
+.TH TCPDUMP 8Â Â "2 March 2017"
 .SH NAME
 tcpdump \- dump traffic on a network
 .SH SYNOPSIS
@@ -254,6 +254,11 @@
 flag, with a number after it, starting at 1 and continuing upward.
 The units of \fIfile_size\fP are millions of bytes (1,000,000 bytes,
 not 1,048,576 bytes).
+.IP
+Note if this is used in conjunction with the
+.B \-Z
+option (the default on NetBSD), the process will likely not have
+adequate permissions to open subsequent savefiles.
 .TP
 .B \-d
 Dump the compiled packet-matching code in a human readable form to
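Review bot: the new -C note is vaguer than what this PR established and ties the problem to -Z in general rather than to NetBSD's default of -Z _tcpdump. The test reported earlier in the PR gives two distinct outcomes that the reader needs: with the default _tcpdump user the open of the second file fails with Permission denied, and with -Z root the later files are created but under /var/chroot/tcpdump, because they are opened after the root directory has changed. Suggested wording: "On NetBSD, where -Z _tcpdump is the default, savefiles after the first are opened after privileges have been dropped and the root directory has been changed to /var/chroot/tcpdump; they will either fail to open or be created beneath that directory. Use -Z root to keep rotation working." Naming the workaround here saves the reader a trip to the -Z description.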
@@ -861,15 +866,16 @@
 .PD
 If
 .I tcpdump
-is running as root, after opening the capture device or input savefile,
-but before opening any savefiles for output, change the user ID to
+is running as root, after opening the capture device, input savefile,
+or initial output savefile, change the user ID to
 .I user
 and the group ID to the primary group of
 .IR user .
 .IP
 This behavior is the default for NetBSD where
 .I tcpdumpÂ
-runs as the user ``_tcpdump''.
+runs as the user ``_tcpdump'', with its root directory changed to
+\fI/var/chroot/tcpdump\fP.
 .IP "\fI expression\fP"
 .RS
 selects which packets will be dumped.
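Review bot: the rewritten first sentence lists "the capture device, input savefile, or initial output savefile" as alternatives, which reads as if only one of them is opened before the user ID changes; the point from this PR is that on NetBSD the initial -w savefile is opened as root in addition to the capture source, whereas upstream drops privileges before any output file is opened. Suggest "after opening the capture device or input savefile and, on NetBSD, the initial output savefile, but before opening any further savefiles". The second change, naming /var/chroot/tcpdump, is the fact the old text lacked; it would help to add that pathnames opened afterwards are resolved relative to that directory, so this paragraph and the -C note say the same thing.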
From: coypu@SDF.ORG
To: gnats-bugs@netbsd.org
Cc:
Subject: Re: bin/48005 (tcpdump: option -C broken)
Date: Fri, 10 Mar 2017 12:09:56 +0000
I learned that tcpdump has this option from your bug report and decided
to modify the pkgsrc package to do the same since it can do it too.
Thanks for mentioning it.
I think it's more than worth it, tcpdump recently had the following
advisory: http://seclists.org/oss-sec/2017/q1/230 (All of them are the
same error).
From: "David H. Gutteridge" <dhgutteridge@sympatico.ca>
To: gnats-bugs@netbsd.org
Cc:
Subject: Re: bin/48005 (tcpdump: option -C broken)
Date: Wed, 22 Mar 2017 16:02:01 -0400
>I learned that tcpdump has this option from your bug report and decided
>to modify the pkgsrc package to do the same since it can do it too.
>Thanks for mentioning it.
>
>I think it's more than worth it, tcpdump recently had the following
>advisory: http://seclists.org/oss-sec/2017/q1/230 (All of them are the
>same error).
Sure, but this change violates "the principle of least surprise", since
it significantly alters how the software behaves. At the least, the
pkgsrc version should have a MESSAGE file provided that warns users it
runs unprivileged by default, since this will break the very
functionality under discussion in this PR. (And it will still behave
inconsistently from the native NetBSD version concerning the initial
output file.)
It's frustrating that tools like this are altered and then these
alterations are not fully documented, as is presently the case with
the native NetBSD version (which opens the initial input file before
dropping privileges, unlike upstream tcpdump).
Dave
From: coypu@SDF.ORG
To: gnats-bugs@netbsd.org
Cc:
Subject: Re: bin/48005
Date: Wed, 22 Mar 2017 21:25:22 +0000
Vanilla tcpdump does this:
> sudo /usr/pkg/sbin/tcpdump -n -i alc0
dropped privs to _tcpdump
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on alc0, link-type EN10MB (Ethernet), capture size 262144 bytes
christos removed the message from netbsd tcpdump.
From: "David H. Gutteridge" <dhgutteridge@sympatico.ca>
To: gnats-bugs@netbsd.org
Cc:
Subject: Re: bin/48005 (tcpdump: option -C broken)
Date: Wed, 22 Mar 2017 18:19:41 -0400
>Vanilla tcpdump does this:
> > sudo /usr/pkg/sbin/tcpdump -n -i alc0
> dropped privs to _tcpdump
> tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
> listening on alc0, link-type EN10MB (Ethernet), capture size 262144 bytes
>
> christos removed the message from netbsd tcpdump.
Ah, I stand corrected then, sorry. (I've never used the vanilla tcpdump
on NetBSD, nor a privilege-separated version on other OSes.) No issue
with the pkgsrc version.
Dave
>Unformatted: