From dacfc04e7cd6f478978e1502f16c970d99b21904 Mon Sep 17 00:00:00 2001
From: tkgup
Date: Thu, 18 Jul 2024 13:54:47 +0800
Subject: [PATCH] fix(security): Remove RPM package residue 1. The user account created by RPM package remains on the server after uninstallation, and if the maintenance personnel do not clean it up, it is easy to be questioned by customers and has backdoor behavior, which poses security issues. 2. Check users to prevent RPM from installing and uninstalling multiple times, which can cause problems. 3. Optimize the order of command parameters for easy readability
---
 tcpdump.spec | 39 ++++++++++++++++++++++++++++++++-------
 1 file changed, 32 insertions(+), 7 deletions(-)
diff --git a/tcpdump.spec b/tcpdump.spec
index 4f83570..b5b4791 100644
--- a/tcpdump.spec
+++ b/tcpdump.spec
@@ -3,7 +3,7 @@
 Name: tcpdump
 Epoch: 14
 Version: 4.99.4
-Release: 4
+Release: 5
 Summary: A network traffic monitoring tool
 License: BSD-2-Clause AND BSD-3-Clause AND BSD-4-Clause AND BSD-4-Clause-UC AND ISC AND NTP
 URL: http://www.tcpdump.org
@@ -66,14 +66,33 @@ install -m755 tcpdump ${RPM_BUILD_ROOT}%{_sbindir}
 install -m644 tcpdump.1 ${RPM_BUILD_ROOT}%{_mandir}/man8/tcpdump.8
 # fix section numbers
-sed -i 's/\(\.TH[a-zA-Z ]*\)[1-9]\(.*\)/\18\2/' \
- ${RPM_BUILD_ROOT}%{_mandir}/man8/*
+sed -i 's/\(\.TH[a-zA-Z ]*\)[1-9]\(.*\)/\18\2/' ${RPM_BUILD_ROOT}%{_mandir}/man8/*
 %pre
-/usr/sbin/groupadd -g 72 tcpdump 2> /dev/null
-/usr/sbin/useradd -u 72 -g 72 -s /sbin/nologin -M -r \
- -d / tcpdump 2> /dev/null
-exit 0
+user_id=$(id -u tcpdump 2> /dev/null)
+
+if [ "_${user_id}" = "_" ]; then
+ # check and create group tcpdump first
+ if ! getent group tcpdump &> /dev/null; then
+ /usr/sbin/groupadd -g 72 tcpdump 2> /dev/null
+ fi
+ # group tcpdump may created by other, id is not sure
+ /usr/sbin/useradd -r -u 72 -g tcpdump -d /home/tcpdump -M -s /sbin/nologin tcpdump 2> /dev/null
+fi
+
+%postun
+user_id=$(id -u tcpdump 2> /dev/null)
+group_id=$(id -g tcpdump 2> /dev/null)
+
+if [ "_${user_id}" = "_72" ]; then
+ # del user tcpdump created by rpm first
+ /usr/sbin/userdel tcpdump 2> /dev/null
+
+ # del group tcpdump created by rpm and group may be deleted when delete user
+ if getent group tcpdump 2> /dev/null && [ "_${group_id}" = "_72" ]; then
+ /usr/sbin/groupdel tcpdump 2> /dev/null
+ fi
+fi
 %check
 make check
@@ -89,6 +108,12 @@ make check
 %{_mandir}/man8/tcpdump.8*
 %changelog
+* Wed Jul 17 2024 tangkuigang - 14:4.99.4-5
+- Type:bugfix
+- CVE:NA
+- SUG:NA
+- DESC:resolve user information residue after RPM package uninstallation, add user checks
+
 * Tue May 07 2024 xinghe - 14:4.99.4-4
 - Type:bugfix
 - CVE:NA
--
Gitee
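Review bot: The new `%postun` scriptlet never tests `$1`, so it also runs during the erase step of a package upgrade, after the incoming package's `%pre` has already found the account present, and it would then delete the uid-72 `tcpdump` account out from under the upgraded package. Guard the removal on a real uninstall, e.g. `if [ "$1" -eq 0 ] && [ "_${user_id}" = "_72" ]; then`. In `%pre` the trailing `exit 0` was dropped while stderr is still discarded, so a failing `useradd` (for example uid 72 already held by another account) now becomes the scriptlet's exit status and would presumably abort the install with no message; restore `exit 0` or let the error print. Note also that any files still owned by uid 72 after `userdel` become owned by whichever account is next assigned that id, so the uninstall path is worth documenting for administrators.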