| Patch | Description | Author | Forwarded | Bugs | Origin | Last update |
|---|---|---|---|---|---|---|
| drop-privs-after-opening-savefile.diff | Drop root privileges after opening savefile | not-needed | debian | https://src.fedoraproject.org/rpms/tcpdump/raw/master/f/0003-Drop-root-priviledges-before-opening-first-savefile-.patch | ||
| drop-privs-silently.diff | Drop root privileges silently as it's the default | not-needed | debian | vendor, https://src.fedoraproject.org/rpms/tcpdump/raw/master/f/0008-Don-t-print-out-we-dropped-root-we-are-always-droppi.patch | ||
| drop-privs-only-if-non-root.diff | [PATCH] Skip privilege dropping when using -Z root on --with-user builds Distributions which started building --with-user to switch to an unpriviliged user claim that the old behavior of running under root can be restored by passing "-Z root" on the command line. However, doing so is different from not using --with-user, as tcpdump still drops privileges and sets supplementary user groups. In Linux containers using user namespaces with an in-container root user mapped to an unprivileged external user, calling setgroups() is usually denied, as it would allow that unprivileged user to leave groups (see user_namespaces(7) for details). Passing "-Z root" on a --with-user build still goes through initgroups() and therefore setgroups(), which will fail in such a container environment. This makes tcpdump builds using --with-user effectively unusable in such containers. Adjust the "-Z root" fallback to skip any privilege dropping and supplementary group setup, making it identical to builds not using --with-user. |
Martin Willi <martin@strongswan.org> | not-needed | 2019-11-12 | ||
| install.diff | Change man page install paths for Debian and don't install a versioned binary. | Romain Francoise <rfrancoise@debian.org> | not-needed | |||
| man-section.diff | Change man page section | Romain Francoise <rfrancoise@debian.org> | not-needed |