Skip privilege dropping when using -Z root on --with-user builds

martinwilli · fxlb · commit d6c4b176bab6 · 2023-08-24T03:05:13.000+02:00
Distributions which started building --with-user to switch to an
unpriviliged user claim that the old behavior of running under root
can be restored by passing "-Z root" on the command line. However,
doing so is different from not using --with-user, as tcpdump still
drops privileges and sets supplementary user groups.

In Linux containers using user namespaces with an in-container root
user mapped to an unprivileged external user, calling setgroups() is
usually denied, as it would allow that unprivileged user to leave
groups (see user_namespaces(7) for details). Passing "-Z root" on
a --with-user build still goes through initgroups() and therefore
setgroups(), which will fail in such a container environment. This
makes tcpdump builds using --with-user effectively unusable in such
containers.

Adjust the "-Z root" fallback to skip any privilege dropping and
supplementary group setup, making it identical to builds not using
--with-user.
diff --git a/tcpdump.c b/tcpdump.c
@@ -2078,6 +2078,8 @@ main(int argc, char **argv)
 		/* Run with '-Z root' to restore old behaviour */
 		if (!username)
 			username = WITH_USER;
+		else if (strcmp(username, "root") == 0)
+			username = NULL;
 	}
 #endif
 

Original file line number	Diff line number	Diff line change
`@@ -2078,6 +2078,8 @@ main(int argc, char **argv)`
`2078`	`2078`	`/* Run with '-Z root' to restore old behaviour */`
`2079`	`2079`	`if (!username)`
`2080`	`2080`	`username = WITH_USER;`
	`2081`	`+ else if (strcmp(username, "root") == 0)`
	`2082`	`+ username = NULL;`
`2081`	`2083`	`}`
`2082`	`2084`	`#endif`
`2083`	`2085`