Odd error after vsftpd upgrade

Yann Rouillard yann at pleiades.fr.eu.org
Wed Feb 5 20:48:37 CET 2014 

In fact vsftpd always chroots some of its process for security reasons.

So it was indeed lazy loading which caused the problem, it is desactivated
in the new package.

I uploaded fixed packages which should land soon in the unstable repository.

Yann


2014-02-05 Boldt, David <dboldt at usgs.gov>:

> success!
>
> Many thanks.
>
>
> does not look like we have been explicitly requesting a chroot:
> % grep -i chroot /etc/opt/csw/vsftpd/vsftpd.conf
> # You may specify an explicit list of local users to chroot() to their home
> # directory. If chroot_local_user is YES, then this list becomes a list of
> # users to NOT chroot().
> #chroot_list_enable=YES
> #chroot_list_file=/etc/vsftpd.chroot_list
>
> (no /etc/vsftpd.conf file)
>
>
> On Wed, Feb 5, 2014 at 4:58 AM, Yann Rouillard <yann at pleiades.fr.eu.org>wrote:
>
>> Hi again,
>>
>> Could you try the following package to check if it solves your problem ?
>>
>> http://buildfarm.opencsw.org/opencsw/experimental/yann/i386/5.10/vsftpd-3.0.2,REV=2014.02.05-SunOS5.10-i386-UNCOMMITTED.pkg.gz
>>
>> Yann
>>
>>
>> 2014-02-05 Yann Rouillard <yann at pleiades.fr.eu.org>:
>>
>>> Hi,
>>>
>>> I suspect that this is rather a side effect of libraries lazy loading +
>>> chrooting: vsftpd tries to load the library only when first needed but it
>>> happens after chrooting has been performed, hence it can't find the library
>>> which is present outside of the chroot.
>>>
>>> Can you confirm that you are indeed using vsftpd with chrooting enabled ?
>>>
>>>
>>> Yann
>>>
>>>
>>>
>>> 2014-02-05 Ben Walton <bwalton at opencsw.org>:
>>>
>>> On Wed, Feb 5, 2014 at 1:21 AM, Boldt, David <dboldt at usgs.gov> wrote:
>>>> > Running Solaris 10 on x86.
>>>> >
>>>> > I've restarted /opt/csw/sbin/vsftpd after the upgrade.
>>>> >
>>>> > ftp connections produce the following error on "get":
>>>> >
>>>> > ftp> get sgrtos.flash
>>>> > 200 PORT command successful. Consider using PASV.
>>>> > 150 Opening BINARY mode data connection for sgrtos.flash (696120
>>>> bytes).
>>>> > ld.so.1: vsftpd: fatal: libsendfile.so.1: open failed: No such file or
>>>> > directory
>>>> > ftp>
>>>> > ftp> ls
>>>> > ld.so.1: vsftpd: fatal: relocation error: file /opt/csw/sbin/vsftpd:
>>>> symbol
>>>> > sendfilev64: referenced symbol not found
>>>> > ftp> ls
>>>> > 500 OOPS: priv_sock_get_cmd
>>>> > No control connection for command: Broken pipe
>>>> >
>>>> > But the libsendfile lib is there:
>>>> >
>>>> > % ldd /opt/csw/sbin/vsftpd
>>>> >         libwrap.so.1 =>  /opt/csw/lib/i386/libwrap.so.1
>>>> >         libnsl.so.1 =>   /lib/libnsl.so.1
>>>> >         libpam.so.1 =>   /lib/libpam.so.1
>>>> >         libsocket.so.1 =>        /lib/libsocket.so.1
>>>> >         librt.so.1 =>    /lib/librt.so.1
>>>> >         libsendfile.so.1 =>      /lib/libsendfile.so.1
>>>> >         libssl.so.1.0.0 =>       /opt/csw/lib/i386/libssl.so.1.0.0
>>>> >         libcrypto.so.1.0.0 =>    /opt/csw/lib/i386/libcrypto.so.1.0.0
>>>> >         libc.so.1 =>     /lib/libc.so.1
>>>> >         libmp.so.2 =>    /lib/libmp.so.2
>>>> >         libmd.so.1 =>    /lib/libmd.so.1
>>>> >         libscf.so.1 =>   /lib/libscf.so.1
>>>> >         libcmd.so.1 =>   /lib/libcmd.so.1
>>>> >         libaio.so.1 =>   /lib/libaio.so.1
>>>> >         libdoor.so.1 =>  /lib/libdoor.so.1
>>>> >         libuutil.so.1 =>         /lib/libuutil.so.1
>>>> >         libgen.so.1 =>   /lib/libgen.so.1
>>>> >         libm.so.2 =>     /lib/libm.so.2
>>>> >
>>>> > % ls -l /lib/libsendfile.so.1
>>>> > -rwxr-xr-x 1 root bin 9552 Jan  8  2007 /lib/libsendfile.so.1
>>>> >
>>>> > Have "[ftp] FAIL DOWNLOAD" errors in vsftpd.log, but nothing helpful.
>>>> > Nothing in messages log file.
>>>> >
>>>> > I am very perplexed and grateful for any suggestions.
>>>>
>>>>
>>>> Can you provide the output of dump -Lv /opt/csw/sbin/vsftpd ?
>>>>
>>>> It looks like there is a 32 vs 64 bit mismatch in expectations here.
>>>>
>>>> Thanks
>>>> -Ben
>>>>
>>>
>>>
>>
>
>
> --
>                                          -- David Boldt
>                                             <dboldt at usgs.gov>
>
>
>    "No one really listens to anyone else, and if you try it for a while
> you'll see why."
>     --Mignon McLaughlin
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opencsw.org/pipermail/users/attachments/20140205/85276aba/attachment.html>

More information about the users mailing list