Note: This is a beta release of Red Hat Bugzilla 5.0. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Also email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback here.

Bug 7116

Summary: if you have uid 2090 you are a winner if tcpdump is suid root
Product: [Retired] Red Hat Linux Reporter: lha
Component: tcpdumpAssignee: Harald Hoyer <harald>
Status: CLOSED RAWHIDE QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: 6.1Keywords: Security
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 1999-12-22 14:52:05 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:

Description lha 1999-11-18 20:51:26 UTC
tcpdump-3.4-ss990523.dif.gz

if you have uid 2090 you are a winner if tcpdump is suid root,
and people might do that since is a nice thing to tcpdump the network
w/o being root.

You never read patches you get ?

diff -x rsvpd -x rsvp_print.c --new-file -ur lbl/tcpdump-3.4/tcpdump.c
tcpdump-3.4/tcpdump.c
--- lbl/tcpdump-3.4/tcpdump.c   Sun Oct 19 00:50:17 1997
+++ tcpdump-3.4/tcpdump.c       Wed Mar 17 20:46:21 1999
@@ -134,6 +176,9 @@
        u_char *pcap_userdata;
        char ebuf[PCAP_ERRBUF_SIZE];

+       if (geteuid() == 0 && getuid() != 2090)
+               setuid(getuid());
+
        cnt = -1;
        device = NULL;
        infile = NULL;

Comment 1 lha 1999-11-22 14:44:59 UTC
ok, it might not been a security bole by itself, but you should still
read you patches you get.

You should consider using www.tcpdump.org instead of old tcpdump 3.4 + random
patches.

Comment 2 Jeff Johnson 1999-12-22 14:51:59 UTC
The 2090 backdoor has been removed in tcpdump-3.4-17.

The tcpdump.org offering doesn't seem quite stable yet, but I'll probably
upgrade to that version when a stable release is available.