[Bug 2052493] Re: apparmor profile does not allow for rotating savefiles using the -C and -W options
Georgia Garcia
2052493 at bugs.launchpad.net
Thu Feb 8 14:53:17 UTC 2024
** Description changed:
- Reproduction steps:
+
+ [ Impact ]
+
+ AppArmor was denying the creation of .pcap files ending in digits which
+ is required by the -W parameter of tcpdump. This issue had already been
+ fixed upstream
+ https://salsa.debian.org/rfrancoise/tcpdump/-/commit/7dcc3736cd19f2ae7ee45b7835646ab50437980a
+ and currently only affect focal and jammy.
+
+ I also added the permission for reading and writing of .cap and .pcapng
+ files which were already allowed upstream as well.
+
+ [ Test Plan ]
+
mkdir /test
chmod 777 /test
tcpdump -Z root -ni any -s 0 -w /test/pcap.pcap -C 500 -W 500 host 1.1.1.1
Result:
tcpdump: /test/pcap.pcap000: Permission denied
Expected result:
tcpdump: listening on any, link-type LINUX_SLL (Linux cooked v1), capture size 262144 bytes
+ The cause is the apparmor profile: /etc/apparmor.d/usr.sbin.tcpdump
+ # for -r, -F and -w
+ /**.[pP][cC][aA][pP] rw,
- The cause is the apparmor profile: /etc/apparmor.d/usr.sbin.tcpdump
- # for -r, -F and -w
- /**.[pP][cC][aA][pP] rw,
+ [ Where problems could occur ]
- It should allow for trailing numbers added to the filename.
- This is required when using the -C/-W options, as those will cause rotating filenames
+ The risk of allowing read and write to .pcap+digits is very minor
+ considering that reading and writing to .pcap is already allowed by
+ policy. Additionally, these rules are a requirement for the application
+ to work properly.
- # for -r, -F, -w, -C and -W
- /**.[pP][cC][aA][pP]* rw,
-
-
- After changing the profile, and reloading via 'service apparmor reload'
- The tcpdump will work as expected
+ [ Other Info ]
+
+ Upstream commits:
+ https://salsa.debian.org/rfrancoise/tcpdump/-/commit/8763a4461751b2bf746d5f0ce7be253c44b6ac7f
+ https://salsa.debian.org/rfrancoise/tcpdump/-/commit/7dcc3736cd19f2ae7ee45b7835646ab50437980a
+ https://salsa.debian.org/rfrancoise/tcpdump/-/commit/c58462999b5e66a4564ec81062b049c45933bc8b
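Review bot: The rewritten Test Plan ends at the failing reproduction and has no verification step. The removed lines carried the only one (reload the profile, after which tcpdump "will work as expected") and nothing replaces it, so the plan should say to install the updated package, re-run the same tcpdump command and expect the "listening on any" line. The new Impact text also grants access to .cap and .pcapng files, but the plan exercises only /test/pcap.pcap; a -w run for each of those extensions would cover them. The removed proposal `/**.[pP][cC][aA][pP]* rw,` allowed any trailing characters, while the new risk paragraph speaks of ".pcap+digits"; quoting the exact rule being shipped would let a reader confirm that scope without opening the upstream commits.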
** Description changed:
-
- [ Impact ]
+ [ Impact ]
AppArmor was denying the creation of .pcap files ending in digits which
is required by the -W parameter of tcpdump. This issue had already been
fixed upstream
https://salsa.debian.org/rfrancoise/tcpdump/-/commit/7dcc3736cd19f2ae7ee45b7835646ab50437980a
and currently only affect focal and jammy.
- I also added the permission for reading and writing of .cap and .pcapng
- files which were already allowed upstream as well.
+ I also added the permission for reading and writing of .cap and .pcapng files which were already allowed upstream as well.
+ The debdiffs for both focal and jammy are in the comments
[ Test Plan ]
mkdir /test
chmod 777 /test
tcpdump -Z root -ni any -s 0 -w /test/pcap.pcap -C 500 -W 500 host 1.1.1.1
Result:
tcpdump: /test/pcap.pcap000: Permission denied
Expected result:
tcpdump: listening on any, link-type LINUX_SLL (Linux cooked v1), capture size 262144 bytes
The cause is the apparmor profile: /etc/apparmor.d/usr.sbin.tcpdump
# for -r, -F and -w
/**.[pP][cC][aA][pP] rw,
[ Where problems could occur ]
The risk of allowing read and write to .pcap+digits is very minor
considering that reading and writing to .pcap is already allowed by
policy. Additionally, these rules are a requirement for the application
to work properly.
[ Other Info ]
-
+
Upstream commits:
https://salsa.debian.org/rfrancoise/tcpdump/-/commit/8763a4461751b2bf746d5f0ce7be253c44b6ac7f
https://salsa.debian.org/rfrancoise/tcpdump/-/commit/7dcc3736cd19f2ae7ee45b7835646ab50437980a
https://salsa.debian.org/rfrancoise/tcpdump/-/commit/c58462999b5e66a4564ec81062b049c45933bc8b
https://bugs.launchpad.net/bugs/2052493
Title:
apparmor profile does not allow for rotating savefiles using the -C
and -W options
Status in tcpdump package in Ubuntu:
New
Bug description:
[ Impact ]

AppArmor was denying the creation of .pcap files ending in digits, which is required by the -W parameter of tcpdump. This issue had already been fixed upstream
https://salsa.debian.org/rfrancoise/tcpdump/-/commit/7dcc3736cd19f2ae7ee45b7835646ab50437980a
and currently only affects focal and jammy.

I also added the permission for reading and writing of .cap and .pcapng files which were already allowed upstream as well.
The debdiffs for both focal and jammy are in the comments.

[ Test Plan ]

mkdir /test
chmod 777 /test
tcpdump -Z root -ni any -s 0 -w /test/pcap.pcap -C 500 -W 500 host 1.1.1.1

Result:
tcpdump: /test/pcap.pcap000: Permission denied

Expected result:
tcpdump: listening on any, link-type LINUX_SLL (Linux cooked v1), capture size 262144 bytes

The cause is the apparmor profile: /etc/apparmor.d/usr.sbin.tcpdump
# for -r, -F and -w
/**.[pP][cC][aA][pP] rw,

[ Where problems could occur ]

The risk of allowing read and write to .pcap+digits is very minor considering that reading and writing to .pcap is already allowed by policy. Additionally, these rules are a requirement for the application to work properly.

[ Other Info ]

Upstream commits:
https://salsa.debian.org/rfrancoise/tcpdump/-/commit/8763a4461751b2bf746d5f0ce7be253c44b6ac7f
https://salsa.debian.org/rfrancoise/tcpdump/-/commit/7dcc3736cd19f2ae7ee45b7835646ab50437980a
https://salsa.debian.org/rfrancoise/tcpdump/-/commit/c58462999b5e66a4564ec81062b049c45933bc8b
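
The rule mismatch behind the denial in the test plan, as an added example (not part of the bug report or of the tcpdump package): a small Python approximation of AppArmor path globbing, run against constructed file names. The "digits" rule is a hypothetical variant constructed for comparison and sized for the three-digit suffix seen in the report; it is not the rule from the upstream commits.

```python
import re

def aa_glob_to_regex(glob):
    """Approximate an AppArmor path glob as a regex: **, *, ?, [..], {a,b}."""
    out, i, depth = [], 0, 0
    while i < len(glob):
        c = glob[i]
        if glob.startswith("**", i):      # ** crosses directory separators
            out.append(".*")
            i += 2
            continue
        if c == "*":                      # * stays within one path component
            out.append("[^/]*")
        elif c == "?":
            out.append("[^/]")
        elif c == "[":                    # character class passes through
            j = glob.index("]", i + 1)
            out.append(glob[i:j + 1])
            i = j
        elif c == "{":
            out.append("(?:")
            depth += 1
        elif c == "}" and depth:
            out.append(")")
            depth -= 1
        elif c == "," and depth:
            out.append("|")
        else:
            out.append(re.escape(c))
        i += 1
    return re.compile("".join(out))

RULES = {
    "shipped": "/**.[pP][cC][aA][pP]",      # rule quoted in the bug report
    "reporter": "/**.[pP][cC][aA][pP]*",    # original reporter's proposal
    # Hypothetical digit-only variant, constructed for comparison.
    "digits": "/**.[pP][cC][aA][pP]{,[0-9],[0-9][0-9],[0-9][0-9][0-9]}",
}
# Constructed sample paths; pcap.pcap000 is the name from the bug report.
PATHS = ["/test/pcap.pcap", "/test/pcap.pcap000", "/test/notes.pcap.sh"]

def allowed(rule_name, path):
    return aa_glob_to_regex(RULES[rule_name]).fullmatch(path) is not None

def compare():
    return {p: [r for r in RULES if allowed(r, p)] for p in PATHS}

if __name__ == "__main__":
    for path, rules in compare().items():
        print(f"{path:24} allowed by: {', '.join(rules) or 'none'}")
```

The trailing `*` in the reporter's rule also admits names such as notes.pcap.sh, which is the difference between "any suffix" and the ".pcap+digits" scope the risk paragraph describes.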