[Bug 786024] New: vsftpd broken - OOPS: priv_sock_get_cmd
https://bugzilla.novell.com/show_bug.cgi?id=786024 https://bugzilla.novell.com/show_bug.cgi?id=786024#c0 Summary: vsftpd broken - OOPS: priv_sock_get_cmd Classification: openSUSE Product: openSUSE Factory Version: 12.3 Milestone 0 Platform: Other OS/Version: openSUSE 12.2 Status: NEW Severity: Major Priority: P5 - None Component: Network AssignedTo: mvyskocil@suse.com ReportedBy: suse-beta@cboltz.de QAContact: qa-bugs@suse.de Found By: Beta-Customer Blocker: --- vsftpd is running, but... # ncftp -u demo localhost NcFTP 3.2.4 (May 16, 2010) by Mike Gleason (http://www.NcFTP.com/contact/). Server hungup immediately after connect. OOPS: priv_sock_get_cmd Workaround: add seccomp_sandbox=NO to vsftpd.conf See also https://bbs.archlinux.org/viewtopic.php?id=147074 - the page says this is fixed in vsftpd 3.0.2, so updating vsftpd to this version should be enough. I did not test if this bug is only in Factory (I'm using factory-tested from 2012-10-03) or also in 12.2. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=786024 https://bugzilla.novell.com/show_bug.cgi?id=786024#c1 Michal Vyskocil <mvyskocil@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |NEEDINFO InfoProvider| |maintenance@opensuse.org --- Comment #1 from Michal Vyskocil <mvyskocil@suse.com> 2012-10-22 12:02:32 UTC --- Sounds reasonable, so maintenance team, I'd like to do maintenance update to vsftpd 3.0.2 in 12.2. Changelog says it's a bugfix release, so I think it's safe to do https://security.appspot.com/vsftpd/Changelog.txt -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=786024 https://bugzilla.novell.com/show_bug.cgi?id=786024#c2 Benjamin Brunner <bbrunner@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEEDINFO |NEW InfoProvider|maintenance@opensuse.org | --- Comment #2 from Benjamin Brunner <bbrunner@suse.com> 2012-10-22 14:16:11 CEST --- Michal could you do a maintenancerequest with the fixed package for 12.2 and submit it to factory too, please? -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=786024 https://bugzilla.novell.com/show_bug.cgi?id=786024#c3 Michal Vyskocil <mvyskocil@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Priority|P5 - None |P2 - High Status|NEW |ASSIGNED --- Comment #3 from Michal Vyskocil <mvyskocil@suse.com> 2012-10-22 12:56:32 UTC --- ok -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=786024 https://bugzilla.novell.com/show_bug.cgi?id=786024#c4 Michal Vyskocil <mvyskocil@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|ASSIGNED |RESOLVED Resolution| |FIXED --- Comment #4 from Michal Vyskocil <mvyskocil@suse.com> 2012-10-22 13:40:38 UTC --- 12.2: 138997 factory: 138998 -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=786024 https://bugzilla.novell.com/show_bug.cgi?id=786024#c5 --- Comment #5 from Bernhard Wiedemann <bwiedemann@suse.com> 2012-10-22 16:00:27 CEST --- This is an autogenerated message for OBS integration: This bug (786024) was mentioned in https://build.opensuse.org/request/show/138998 Factory / vsftpd -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=786024 https://bugzilla.novell.com/show_bug.cgi?id=786024#c6 --- Comment #6 from Swamp Workflow Management <swamp@suse.de> 2012-10-29 12:08:40 UTC --- openSUSE-RU-2012:1405-1: An update that has one recommended fix can now be installed. Category: recommended (low) Bug References: 786024 CVE References: Sources used: openSUSE 12.2 (src): vsftpd-3.0.2-3.4.1 -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=786024 https://bugzilla.novell.com/show_bug.cgi?id=786024#c7 Christian Boltz <suse-beta@cboltz.de> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |REOPENED Resolution|FIXED | --- Comment #7 from Christian Boltz <suse-beta@cboltz.de> 2013-02-04 13:50:13 CET --- I have good and bad news. - good news: it works on 12.2 - bad news: I still get the same error on current factory (unmodified vsftpd.conf as shipped in the rpm) -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=786024 https://bugzilla.novell.com/show_bug.cgi?id=786024#c Michal Vyskocil <mvyskocil@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|REOPENED |ASSIGNED -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=786024 https://bugzilla.novell.com/show_bug.cgi?id=786024#c8 Michal Vyskocil <mvyskocil@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |lmuelle@suse.com --- Comment #8 from Michal Vyskocil <mvyskocil@suse.com> 2013-02-04 13:30:18 UTC --- *** Bug 801871 has been marked as a duplicate of this bug. *** http://bugzilla.novell.com/show_bug.cgi?id=801871 -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=786024 https://bugzilla.novell.com/show_bug.cgi?id=786024#c9 Michal Vyskocil <mvyskocil@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Component|Network |Network Version|12.3 Milestone 0 |RC 1 AssignedTo|mvyskocil@suse.com |bnc-team-screening@forge.pr | |ovo.novell.com Product|openSUSE Factory |openSUSE 12.3 Target Milestone|--- |RC 2 OS/Version|openSUSE 12.2 |Linux --- Comment #9 from Michal Vyskocil <mvyskocil@suse.com> 2013-02-04 14:11:59 UTC --- Changed the product to appear on a list of 12.3 bugs ... -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=786024 https://bugzilla.novell.com/show_bug.cgi?id=786024#c Christian Boltz <suse-beta@cboltz.de> changed: What |Removed |Added ---------------------------------------------------------------------------- AssignedTo|bnc-team-screening@forge.pr |mvyskocil@suse.com |ovo.novell.com | -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=786024 https://bugzilla.novell.com/show_bug.cgi?id=786024#c10 --- Comment #10 from Michal Vyskocil <mvyskocil@suse.com> 2013-02-12 16:47:42 UTC --- It seems there is some race - when I've added vfs_cmdio_write into the code to find the location, where it happens, the priv_sock_get_cmd disappeared. So still under investigating. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=786024 https://bugzilla.novell.com/show_bug.cgi?id=786024#c11 Michal Vyskocil <mvyskocil@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|ASSIGNED |NEEDINFO InfoProvider| |kukuk@suse.com --- Comment #11 from Michal Vyskocil <mvyskocil@suse.com> 2013-02-21 13:30:46 UTC --- Well, I suspect the pam subsystem try to open a /dev/log. When add the socket(PF_FILE) into the whitelist, vsftpd seems to work. However I've got an another issue with pam (this is valid even if seccomp_sanbox is disabled). 2013-02-21T14:20:17.693042+01:00 linux-xtv2 vsftpd[1]: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=mvyskocil rhost=::1 user=mvyskocil 2013-02-21T14:20:18.407159+01:00 linux-xtv2 vsftpd[1]: pam_sss(vsftpd:auth): authentication success; logname= uid=0 euid=0 tty=ftp ruser=mvyskocil rhost=::1 user=mvyskocil 2013-02-21T14:20:18.409089+01:00 linux-xtv2 vsftpd[1]: PAM audit_log_acct_message() failed: Operation not permitted 2013-02-21T14:20:18.411338+01:00 linux-xtv2 vsftpd[1]: [mvyskocil] FAIL LOGIN: Client "::1" @thorsen: I would say both CAP_AUDIT_* are needed for vsftpd. I'm right? -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=786024 https://bugzilla.novell.com/show_bug.cgi?id=786024#c12 Thorsten Kukuk <kukuk@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEEDINFO |ASSIGNED InfoProvider|kukuk@suse.com | --- Comment #12 from Thorsten Kukuk <kukuk@suse.com> 2013-02-21 13:37:26 UTC --- (In reply to comment #11)
Well, I suspect the pam subsystem try to open a /dev/log.
PAM calls syslog(), which I assumes opens /dev/log.
2013-02-21T14:20:17.693042+01:00 linux-xtv2 vsftpd[1]: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=mvyskocil rhost=::1 user=mvyskocil 2013-02-21T14:20:18.407159+01:00 linux-xtv2 vsftpd[1]: pam_sss(vsftpd:auth): authentication success; logname= uid=0 euid=0 tty=ftp ruser=mvyskocil rhost=::1 user=mvyskocil 2013-02-21T14:20:18.409089+01:00 linux-xtv2 vsftpd[1]: PAM audit_log_acct_message() failed: Operation not permitted 2013-02-21T14:20:18.411338+01:00 linux-xtv2 vsftpd[1]: [mvyskocil] FAIL LOGIN: Client "::1"
@thorsen: I would say both CAP_AUDIT_* are needed for vsftpd. I'm right?
I have no idea about CAP_AUDIT_*, but PAM is using the audit subsystem for logging. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=786024 https://bugzilla.novell.com/show_bug.cgi?id=786024#c13 --- Comment #13 from Christian Boltz <suse-beta@cboltz.de> 2013-02-21 19:10:30 CET --- (In reply to comment #11)
@thorsen: I would say both CAP_AUDIT_* are needed for vsftpd. I'm right?
Just ask AppArmor, your friendly permission inventory software (and, side effect, it secures your server ;-) This is what I have in my AppArmor profile for vsftpd: capability audit_write, capability setgid, capability setuid, capability sys_admin, capability sys_chroot, Note: sys_admin might be a leftover from older versions and might no longer be needed - IIRC in the past audit_write was a part of sys_admin. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=786024 https://bugzilla.novell.com/show_bug.cgi?id=786024#c14 Michal Vyskocil <mvyskocil@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Priority|P2 - High |P1 - Urgent --- Comment #14 from Michal Vyskocil <mvyskocil@suse.com> 2013-02-25 14:55:37 UTC --- @cboltz: thanks, I'll patch vsftpd to keep CAP_AUDIT_WRITE then. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=786024 https://bugzilla.novell.com/show_bug.cgi?id=786024#c15 --- Comment #15 from Michal Vyskocil <mvyskocil@suse.com> 2013-02-27 15:43:19 UTC --- It still prints the same error - I've patched vsftpd to set CAP_AUDIT_WRITE (and CAP_AUDIT_CONTROL) before pam auth session, but the fail remains the same. 11256 16:38:08.161851 capget({_LINUX_CAPABILITY_VERSION_3, 0}, NULL) = 0 11256 16:38:08.161911 capset({_LINUX_CAPABILITY_VERSION_3, 0}, {CAP_AUDIT_WRITE|CAP_AUDIT_CONTROL, CAP_AUDIT_WRITE|CAP_AUDIT_CONTROL, 0}) = 0 11256 16:38:08.161964 getppid() = 0 and later on ... 11256 16:38:08.188437 sendto(5, "<82>Feb 27 16:38:08 vsftpd[1]: PAM audit_log_acct_message() failed: Operation not permitted", 91, MSG_NOSIGNAL, NULL, 0) = 91 I've verified this behaves same for local users as well, so not connected with pam_sss. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=786024 https://bugzilla.novell.com/show_bug.cgi?id=786024#c16 --- Comment #16 from Michal Vyskocil <mvyskocil@suse.com> 2013-02-28 13:19:11 UTC --- Created an attachment (id=527476) --> (http://bugzilla.novell.com/attachment.cgi?id=527476) strace output of vsftpd This is the full strace output, but I was not able to realize which syscall triggered the audit error. Note that process calls capset for CAP_AUDIT_WRITE (+ _CONTROL, which shall not be needed). I would not say there are no more capabilities to try. This is a part relevant starting with what audit_init do 7462 14:01:23.677346 socket(PF_NETLINK, SOCK_RAW, 9) = 4 7462 14:01:23.677412 fcntl(4, F_SETFD, FD_CLOEXEC) = 0 7462 14:01:23.677463 socket(PF_NETLINK, SOCK_RAW, 0) = 5 7462 14:01:23.677499 bind(5, {sa_family=AF_NETLINK, pid=0, groups=00000000}, 12) = 0 7462 14:01:23.677541 getsockname(5, {sa_family=AF_NETLINK, pid=1, groups=00000000}, [12]) = 0 7462 14:01:23.677583 sendto(5, "\24\0\0\0\26\0\1\3#U/Q\0\0\0\0\0\0\0\0", 20, 0, {sa_family=AF_NETLINK, pid=0, groups=00000000}, 12) = 20 7462 14:01:23.677634 recvmsg(5, {msg_name(12)={sa_family=AF_NETLINK, pid=0, groups=00000000}, msg_iov(1)=[{"0\0\0\0\24\0\2\0#U/Q\1\0\0\0\2\10\200\376\1\0\0\0\10\0\1\0\177\0\0\1\10\0\2\0\177\0\0\1\7\0\3\0lo\0\0<\0\0\0\24\0\2\0#U/Q\1\0\0\0\2\22\200\0\2\0\0\0\10\0\1\0\nd3Y\10\0\2\0\nd3Y\10\0\4\0\nd?\377\t\0\3\0eth0\0\0\0\0<\0\0\0\24\0\2\0#U/Q\1\0\0\0\2\27\200\0\3\0\0\0\10\0\1\0\225,\2106\10\0\2\0\225,\2106\10\0\4\0\225,\211\377\n\0\3\0wlan0\0\0\0", 4096}], msg_controllen=0, msg_flags=0}, 0) = 168 7462 14:01:23.677687 recvmsg(5, {msg_name(12)={sa_family=AF_NETLINK, pid=0, groups=00000000}, msg_iov(1)=[{"@\0\0\0\24\0\2\0#U/Q\1\0\0\0\n\200\200\376\1\0\0\0\24\0\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\1\24\0\6\0\377\377\377\377\377\377\377\377j\3\0\0j\3\0\0@\0\0\0\24\0\2\0#U/Q\1\0\0\0\n@\200\375\2\0\0\0\24\0\1\0\376\200\0\0\0\0\0\0>\227\16\377\376q\2767\24\0\6\0\377\377\377\377\377\377\377\377]\321\3\0]\321\3\0@\0\0\0\24\0\2\0#U/Q\1\0\0\0\n@\200\375\3\0\0\0\24\0\1\0\376\200\0\0\0\0\0\0\206:K\377\376[\253\314\24\0\6\0\377\377\377\377\377\377\377\377\241\322\3\0\241\322\3\0", 4096}], msg_controllen=0, msg_flags=0}, 0) = 192 7462 14:01:23.677730 recvmsg(5, {msg_name(12)={sa_family=AF_NETLINK, pid=0, groups=00000000}, msg_iov(1)=[{"\24\0\0\0\3\0\2\0#U/Q\1\0\0\0\0\0\0\0", 4096}], msg_controllen=0, msg_flags=0}, 0) = 20 7462 14:01:23.677769 socket(PF_FILE, SOCK_STREAM|SOCK_CLOEXEC|SOCK_NONBLOCK, 0) = 6 7462 14:01:23.677804 connect(6, {sa_family=AF_FILE, sun_path="/var/run/nscd/socket"}, 110) = 0 7462 14:01:23.677847 sendto(6, "\2\0\0\0\r\0\0\0\6\0\0\0hosts\0", 18, MSG_NOSIGNAL, NULL, 0) = 18 7462 14:01:23.677882 poll([{fd=6, events=POLLIN|POLLERR|POLLHUP}], 1, 5000) = 1 ([{fd=6, revents=POLLIN}]) 7462 14:01:23.677936 recvmsg(6, {msg_name(0)=NULL, msg_iov(2)=[{"hosts\0", 6}, {"\310O\3\0\0\0\0\0", 8}], msg_controllen=24, {cmsg_len=20, cmsg_level=SOL_SOCKET, cmsg_type=SCM_RIGHTS, {7}}, msg_flags=MSG_CMSG_CLOEXEC}, MSG_CMSG_CLOEXEC) = 14 7462 14:01:23.678022 mmap(NULL, 217032, PROT_READ, MAP_SHARED, 7, 0) = 0x7fc3b1cf7000 7462 14:01:23.678113 close(7) = 0 7462 14:01:23.678169 close(6) = 0 7462 14:01:23.678252 close(5) = 0 7462 14:01:23.678388 readlink("/proc/self/exe", "/usr/sbin/vsftpd", 4096) = 16 7462 14:01:23.678541 sendto(4, "\204\0\0\0L\4\5\0\1\0\0\0\0\0\0\0op=PAM:authentication acct=\"test\" exe=\"/usr/sbin/vsftpd\" hostname=127.0.0.1 addr=127.0.0.1 terminal=ftp res=success\0", 132, 0, {sa_family=AF_NETLINK, pid=0, groups=00000000}, 12) = 132 7462 14:01:23.678605 poll([{fd=4, events=POLLIN}], 1, 500) = 1 ([{fd=4, revents=POLLIN}]) 7462 14:01:23.678654 recvfrom(4, "\230\0\0\0\2\0\0\0\1\0\0\0005\357\377\377\377\377\377\377\204\0\0\0L\4\5\0\1\0\0\0\0\0\0\0op=PAM:authentication acct=\"test\" exe=\"/usr/sbin/vsftpd\" hostname=127.0.0.1 addr=127.0.0.1 terminal=ftp res=success\0", 8988, MSG_PEEK|MSG_DONTWAIT, {sa_family=AF_NETLINK, pid=0, groups=00000000}, [12]) = 152 7462 14:01:23.678709 recvfrom(4, "\230\0\0\0\2\0\0\0\1\0\0\0005\357\377\377\377\377\377\377\204\0\0\0L\4\5\0\1\0\0\0\0\0\0\0op=PAM:authentication acct=\"test\" exe=\"/usr/sbin/vsftpd\" hostname=127.0.0.1 addr=127.0.0.1 terminal=ftp res=success\0", 8988, MSG_DONTWAIT, {sa_family=AF_NETLINK, pid=0, groups=00000000}, [12]) = 152 7462 14:01:23.678759 getuid() = 0 7462 14:01:23.678802 getuid() = 0 7462 14:01:23.678880 socket(PF_FILE, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 5 7462 14:01:23.678927 connect(5, {sa_family=AF_FILE, sun_path="/dev/log"}, 110) = 0 7462 14:01:23.678977 sendto(5, "<82>Feb 28 14:01:23 vsftpd[1]: PAM audit_log_acct_message() failed: Operation not permitted", 91, MSG_NOSIGNAL, NULL, 0) = 91 7462 14:01:23.679050 close(4) = 0 But despite the recvfrom(4 did not failed, the Operation not permitted is returned, but I have no idea why. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=786024 https://bugzilla.novell.com/show_bug.cgi?id=786024#c17 Michal Vyskocil <mvyskocil@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|ASSIGNED |NEEDINFO InfoProvider| |tonyj@suse.com --- Comment #17 from Michal Vyskocil <mvyskocil@suse.com> 2013-02-28 13:23:54 UTC --- @tonyj: can you check the strace output and find why the pam returns such error? The Linux-PAM-1.1.6/lib/pam_audit.c does this rc = audit_log_acct_message (audit_fd, type, NULL, buf, (retval != PAM_USER_UNKNOWN && pamh->user) ? pamh->user : "?", -1, pamh->rhost, NULL, pamh->tty, retval == PAM_SUCCESS ); /* libaudit sets errno to his own negative error code. This can be an official errno number, but must not. It can also be a audit internal error code. Which makes errno useless :-((. Try the best to fix it. */ errno = -rc; pamh->audit_state |= PAMAUDIT_LOGGED; if (rc < 0) { if (rc == -EPERM && getuid() != 0) return 0; if (errno != old_errno) { old_errno = errno; pam_syslog (pamh, LOG_CRIT, "audit_log_acct_message() failed: %m"); } } return rc; so audit_log_acct_message returned negative value, but if I have no idea why. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=786024 https://bugzilla.novell.com/show_bug.cgi?id=786024#c18 --- Comment #18 from Bernhard Wiedemann <bwiedemann@suse.com> 2013-02-28 17:00:07 CET --- This is an autogenerated message for OBS integration: This bug (786024) was mentioned in https://build.opensuse.org/request/show/156829 Factory / vsftpd -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=786024 https://bugzilla.novell.com/show_bug.cgi?id=786024#c19 Michal Vyskocil <mvyskocil@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |lnussel@suse.com --- Comment #19 from Michal Vyskocil <mvyskocil@suse.com> 2013-02-28 16:03:17 UTC --- *** Bug 806758 has been marked as a duplicate of this bug. *** http://bugzilla.novell.com/show_bug.cgi?id=806758 -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=786024 https://bugzilla.novell.com/show_bug.cgi?id=786024#c20 Tony Jones <tonyj@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |tonyj@suse.com --- Comment #20 from Tony Jones <tonyj@suse.com> 2013-02-28 19:51:50 UTC --- I need to get this string data in a format that's easier to understand. The \230 part is a netlink header but "strace -xx" format would be much easier for me to decipher. 7462 14:01:23.678654 recvfrom(4, "\230\0\0\0\2\0\0\0\1\0\0\0005\357\377\377\377\377\377\377\204\0\0\0L\4\5\0\1\0\0\0\0\0\0\0op=PAM:authentication acct=\"test\" exe=\"/usr/sbin/vsftpd\" hostname=127.0.0.1 addr=127.0.0.1 terminal=ftp res=success\0", 8988, MSG_PEEK|MSG_DONTWAIT, {sa_family=AF_NETLINK, pid=0, groups=00000000}, [12]) = 152 7462 14:01:23.678709 recvfrom(4, "\230\0\0\0\2\0\0\0\1\0\0\0005\357\377\377\377\377\377\377\204\0\0\0L\4\5\0\1\0\0\0\0\0\0\0op=PAM:authentication acct=\"test\" exe=\"/usr/sbin/vsftpd\" hostname=127.0.0.1 addr=127.0.0.1 terminal=ftp res=success\0", 8988, MSG_DONTWAIT, {sa_family=AF_NETLINK, pid=0, groups=00000000}, [12]) = 152 -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=786024 https://bugzilla.novell.com/show_bug.cgi?id=786024#c21 --- Comment #21 from Tony Jones <tonyj@suse.com> 2013-02-28 20:11:32 UTC --- \230\0\0\0 is the nlmsghdr.nlmsg_len \2\0 is nlmsghdr.nlmsg_type == NLMSG_ERROR it would be easier to decipher the rest in hex. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=786024 https://bugzilla.novell.com/show_bug.cgi?id=786024#c22 --- Comment #22 from Tony Jones <tonyj@suse.com> 2013-03-01 20:40:43 UTC --- (In reply to comment #17)
@tonyj: can you check the strace output and find why the pam returns such error? The Linux-PAM-1.1.6/lib/pam_audit.c does this
rc = audit_log_acct_message (audit_fd, type, NULL, buf, (retval != PAM_USER_UNKNOWN && pamh->user) ? pamh->user : "?", -1, pamh->rhost, NULL, pamh->tty, retval == PAM_SUCCESS );
/* libaudit sets errno to his own negative error code. This can be an official errno number, but must not. It can also be a audit internal error code. Which makes errno useless :-((. Try the best to fix it. */ errno = -rc;
pamh->audit_state |= PAMAUDIT_LOGGED;
if (rc < 0) { if (rc == -EPERM && getuid() != 0) return 0; if (errno != old_errno) { old_errno = errno; pam_syslog (pamh, LOG_CRIT, "audit_log_acct_message() failed: %m"); } } return rc;
so audit_log_acct_message returned negative value, but if I have no idea why.
The code in audit (lib/netlink.c::check_ack()) /* NLMSG_ERROR can indicate success, only report nonzero */ if (rep.error->error) { errno = -rep.error->error; return rep.error->error; Based on the strace log, rep.error->error is -1 which should be what is returned back to PAM. Is there anything informative in the kernel or audit logs? Otherwise can you give me a quick tutorial on how to setup to reproduce as I'll have to debug the library. Thanks! -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=786024 https://bugzilla.novell.com/show_bug.cgi?id=786024#c23 Olivier Nicolas <o.nicolas@skynet.be> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |o.nicolas@skynet.be --- Comment #23 from Olivier Nicolas <o.nicolas@skynet.be> 2013-03-02 21:51:58 UTC --- (In reply to comment #20)
I need to get this string data in a format that's easier to understand. The \230 part is a netlink header but "strace -xx" format would be much easier for me to decipher.
strace -xx output [pid 6654] close(6) = 0 [pid 6654] close(5) = 0 [pid 6654] readlink("\x2f\x70\x72\x6f\x63\x2f\x73\x65\x6c\x66\x2f\x65\x78\x65", "\x2f\x75\x73\x72\x2f\x73\x62\x69\x6e\x2f\x76\x73\x66\x74\x70\x64", 4096) = 16 [pid 6654] sendto(4, "\x78\x00\x00\x00\x4c\x04\x05\x00\x01\x00\x00\x00\x00\x00\x00\x00\x6f\x70\x3d\x50\x41\x4d\x3a\x61\x75\x74\x68\x65\x6e\x74\x69\x63\x61\x74\x69\x6f\x6e\x20\x61\x63\x63\x74\x3d\x22\x64\x65\x6d\x6f\x22\x20\x65\x78\x65\x3d\x22\x2f\x75\x73\x72\x2f\x73\x62\x69\x6e\x2f\x76\x73\x66\x74\x70\x64\x22\x20\x68\x6f\x73\x74\x6e\x61\x6d\x65\x3d\x3a\x3a\x31\x20\x61\x64\x64\x72\x3d\x3a\x3a\x31\x20\x74\x65\x72\x6d\x69\x6e\x61\x6c\x3d\x66\x74\x70\x20\x72\x65\x73\x3d\x73\x75\x63\x63\x65\x73\x73\x00", 120, 0, {sa_family=AF_NETLINK, pid=0, groups=00000000}, 12) = 120 [pid 6654] poll([{fd=4, events=POLLIN}], 1, 500) = 1 ([{fd=4, revents=POLLIN}]) [pid 6654] recvfrom(4, "\x8c\x00\x00\x00\x02\x00\x00\x00\x01\x00\x00\x00\xd7\xee\xff\xff\xff\xff\xff\xff\x78\x00\x00\x00\x4c\x04\x05\x00\x01\x00\x00\x00\x00\x00\x00\x00\x6f\x70\x3d\x50\x41\x4d\x3a\x61\x75\x74\x68\x65\x6e\x74\x69\x63\x61\x74\x69\x6f\x6e\x20\x61\x63\x63\x74\x3d\x22\x64\x65\x6d\x6f\x22\x20\x65\x78\x65\x3d\x22\x2f\x75\x73\x72\x2f\x73\x62\x69\x6e\x2f\x76\x73\x66\x74\x70\x64\x22\x20\x68\x6f\x73\x74\x6e\x61\x6d\x65\x3d\x3a\x3a\x31\x20\x61\x64\x64\x72\x3d\x3a\x3a\x31\x20\x74\x65\x72\x6d\x69\x6e\x61\x6c\x3d\x66\x74\x70\x20\x72\x65\x73\x3d\x73\x75\x63\x63\x65\x73\x73\x00", 8988, MSG_PEEK|MSG_DONTWAIT, {sa_family=AF_NETLINK, pid=0, groups=00000000}, [12]) = 140 [pid 6654] recvfrom(4, "\x8c\x00\x00\x00\x02\x00\x00\x00\x01\x00\x00\x00\xd7\xee\xff\xff\xff\xff\xff\xff\x78\x00\x00\x00\x4c\x04\x05\x00\x01\x00\x00\x00\x00\x00\x00\x00\x6f\x70\x3d\x50\x41\x4d\x3a\x61\x75\x74\x68\x65\x6e\x74\x69\x63\x61\x74\x69\x6f\x6e\x20\x61\x63\x63\x74\x3d\x22\x64\x65\x6d\x6f\x22\x20\x65\x78\x65\x3d\x22\x2f\x75\x73\x72\x2f\x73\x62\x69\x6e\x2f\x76\x73\x66\x74\x70\x64\x22\x20\x68\x6f\x73\x74\x6e\x61\x6d\x65\x3d\x3a\x3a\x31\x20\x61\x64\x64\x72\x3d\x3a\x3a\x31\x20\x74\x65\x72\x6d\x69\x6e\x61\x6c\x3d\x66\x74\x70\x20\x72\x65\x73\x3d\x73\x75\x63\x63\x65\x73\x73\x00", 8988, MSG_DONTWAIT, {sa_family=AF_NETLINK, pid=0, groups=00000000}, [12]) = 140 [pid 6654] getuid() = 0 [pid 6654] getuid() = 0 [pid 6654] socket(PF_FILE, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 5 [pid 6654] connect(5, {sa_family=AF_FILE, sun_path="\x2f\x64\x65\x76\x2f\x6c\x6f\x67"}, 110) = 0 [pid 6654] sendto(5, "\x3c\x38\x32\x3e\x4d\x61\x72\x20\x20\x32\x20\x32\x32\x3a\x34\x36\x3a\x31\x39\x20\x76\x73\x66\x74\x70\x64\x3a\x20\x50\x41\x4d\x20\x61\x75\x64\x69\x74\x5f\x6c\x6f\x67\x5f\x61\x63\x63\x74\x5f\x6d\x65\x73\x73\x61\x67\x65\x28\x29\x20\x66\x61\x69\x6c\x65\x64\x3a\x20\x4f\x70\x65\x72\x61\x74\x69\x6f\x6e\x20\x6e\x6f\x74\x20\x70\x65\x72\x6d\x69\x74\x74\x65\x64", 88, MSG_NOSIGNAL, NULL, 0) = 88 -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=786024 https://bugzilla.novell.com/show_bug.cgi?id=786024#c24 --- Comment #24 from Michal Vyskocil <mvyskocil@suse.com> 2013-03-04 13:37:49 UTC ---
Is there anything informative in the kernel or audit logs? Otherwise can you give me a quick tutorial on how to setup to reproduce as I'll have to debug the library.
Hi, I don't see anything useful in system log 2013-03-04T14:27:45.535028+01:00 linux-xtv2 systemd[1]: Started Vsftpd ftp daemon. 2013-03-04T14:28:01.953454+01:00 linux-xtv2 vsftpd[1]: PAM audit_log_acct_message() failed: Operation not permitted 2013-03-04T14:28:01.954845+01:00 linux-xtv2 vsftpd[1]: [test] FAIL LOGIN: Client "127.0.0.1" 2013-03-04T14:28:14.316061+01:00 linux-xtv2 systemd[1]: Started Vsftpd ftp daemon. 2013-03-04T14:28:39.682743+01:00 linux-xtv2 vsftpd[1]: PAM audit_log_acct_message() failed: Operation not permitted 2013-03-04T14:28:39.684083+01:00 linux-xtv2 vsftpd[1]: [test] FAIL LOGIN: Client "127.0.0.1" and dmesg seems to be full of wlan0 related things only. Steps to reproduce 1.) install 12.3 RC2 2.) zypper install vsftpd 3.) useradd test 4.) echo "test" | passwd test 5.) systemctl start vsftpd.service 6.) ftp ftp://test:test@localhost BTW: you might get a OOPS: priv_sock_get_cmd, in this case please add Workaround: add seccomp_sandbox=NO to vsftpd.conf It has been fixed, just I am not sure if it appear in RC2 -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=786024 https://bugzilla.novell.com/show_bug.cgi?id=786024#c25 --- Comment #25 from Bernhard Wiedemann <bwiedemann@suse.com> 2013-03-06 20:00:18 CET --- This is an autogenerated message for OBS integration: This bug (786024) was mentioned in https://build.opensuse.org/request/show/157548 Factory / vsftpd -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=786024 https://bugzilla.novell.com/show_bug.cgi?id=786024#c26 --- Comment #26 from Tony Jones <tonyj@suse.com> 2013-03-06 22:29:02 UTC --- (In reply to comment #24)
Steps to reproduce 1.) install 12.3 RC2 2.) zypper install vsftpd 3.) useradd test 4.) echo "test" | passwd test 5.) systemctl start vsftpd.service 6.) ftp ftp://test:test@localhost
BTW: you might get a OOPS: priv_sock_get_cmd, in this case please add
Workaround: add seccomp_sandbox=NO to vsftpd.conf
It has been fixed, just I am not sure if it appear in RC2
Thanks, I can reproduce, but I don't have an answer yet. It's odd as - 'auditctl -m' is working fine, this calls audit_send_user_message() and succeeds. - su succeeds, here PAM is calling audit_log_acct_message() which is calling audit_send_user_message() su: in audit_log_acct_message audit_fd=3, type=1104, pgname='(null)', op='PAM:setcred', name='root', id=4294967295, host='(null)', addr='(null)', tty='pts/3', result=1 return is 6 vsftp: in audit_log_acct_message audit_fd=4, type=1100, pgname='(null)', op='PAM:authentication', name='test', id=4294967295, host='127.0.0.1', addr='(null)', tty='ftp', result=1 return is -1 -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=786024 https://bugzilla.novell.com/show_bug.cgi?id=786024#c27 Michal Vyskocil <mvyskocil@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |johanp@aditus.nu --- Comment #27 from Michal Vyskocil <mvyskocil@suse.com> 2013-03-20 09:43:01 UTC --- *** Bug 809858 has been marked as a duplicate of this bug. *** http://bugzilla.novell.com/show_bug.cgi?id=809858 -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=786024 https://bugzilla.novell.com/show_bug.cgi?id=786024#c28 --- Comment #28 from Michal Vyskocil <mvyskocil@suse.com> 2013-03-20 09:46:00 UTC --- @tonyj: would you say the audit=0 on a commandline can work-around it? -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=786024 https://bugzilla.novell.com/show_bug.cgi?id=786024#c29 Cristian Rodríguez <crrodriguez@opensuse.org> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |edu.rm.85@gmail.com --- Comment #29 from Cristian Rodríguez <crrodriguez@opensuse.org> 2013-03-27 14:45:23 CLT --- *** Bug 811324 has been marked as a duplicate of this bug. *** http://bugzilla.novell.com/show_bug.cgi?id=811324 -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=786024 https://bugzilla.novell.com/show_bug.cgi?id=786024#c30 Chuck Davis <cjgunzel@gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |cjgunzel@gmail.com --- Comment #30 from Chuck Davis <cjgunzel@gmail.com> 2013-03-27 20:15:36 UTC --- When attempting to start vsftpd in system services of YaST a message is returned that network-remotefs service is required. It appears vsftpd is started because port 21 is open from a remote machine but it is not possible to connect to the server. A Linux server with no working FTP server is a real black eye! -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=786024 https://bugzilla.novell.com/show_bug.cgi?id=786024#c31 --- Comment #31 from Chuck Davis <cjgunzel@gmail.com> 2013-03-27 20:18:03 UTC --- P.S. I'm using 12.3 released version, 64 bit. This is no longer a development version issue. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=786024 https://bugzilla.novell.com/show_bug.cgi?id=786024#c32 --- Comment #32 from Johan Persson <johanp@aditus.nu> 2013-03-27 20:23:37 UTC --- (In reply to comment #30)
A Linux server with no working FTP server is a real black eye!
Until this is fixed an easy workaround for this "black-eye" is to use pure-ftpd instead which works just fine and is functional equivalent in (almost) all practical sense to vsftpd -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=786024 https://bugzilla.novell.com/show_bug.cgi?id=786024#c34 Michal Vyskocil <mvyskocil@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Summary|vsftpd broken - OOPS: |vsftpd broken: |priv_sock_get_cmd |audit_log_acct_message() | |failed: Operation not | |permitted --- Comment #34 from Michal Vyskocil <mvyskocil@suse.com> 2013-03-28 09:20:46 UTC --- changed summary to match the current problem -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=786024 https://bugzilla.novell.com/show_bug.cgi?id=786024#c35 Ioannis Theodoridis <ITheodoridis@bankofgreece.gr> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |ITheodoridis@bankofgreece.g | |r --- Comment #35 from Ioannis Theodoridis <ITheodoridis@bankofgreece.gr> 2013-03-28 11:04:41 UTC --- I am facing the same problem with OpenSuSE 12.3 64bit, network install. Pure-ftpd is reported (OpenSuSE forums) to work only if pam athentication is disabled (and local authentication enabled) in the pure-ftpd configuration. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=786024 https://bugzilla.novell.com/show_bug.cgi?id=786024#c36 --- Comment #36 from Johan Persson <johanp@aditus.nu> 2013-03-28 14:35:33 UTC --- (In reply to comment #35)
Pure-ftpd is reported (OpenSuSE forums) to work only if pam athentication is disabled (and local authentication enabled) in the pure-ftpd configuration.
Strange, I'm using pure-ftpd (SuSE 12.3) with configuration PAMAuthentication yes and this works just fine (but vsftpd does not). -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=786024 https://bugzilla.novell.com/show_bug.cgi?id=786024#c37 --- Comment #37 from Ioannis Theodoridis <ITheodoridis@bankofgreece.gr> 2013-03-28 15:22:09 UTC --- When I tried it personally, it refused to start. I will check one more time and repost. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=786024 https://bugzilla.novell.com/show_bug.cgi?id=786024#c38 Tony Jones <tonyj@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEEDINFO |ASSIGNED InfoProvider|tonyj@suse.com | --- Comment #38 from Tony Jones <tonyj@suse.com> 2013-03-29 04:56:45 UTC --- Ubuntu bug on this also: https://bugs.launchpad.net/ubuntu/+source/vsftpd/+bug/1160372 The issue is occurring because it seems vsftp has changed it's pid namespace. Probably from sysdeputil.c::vsf_sysutil_fork_isolate_failok() "syscall(__NR_clone, CLONE_NEWPID)" There is a specific prohibition in the kernel on this: ----------------------------------------------------------------------------- commit 34e36d8ecbd958bc15f8e63deade1227de337eb1 Author: Eric W. Biederman <ebiederm@xmission.com> Date: Mon Sep 10 23:20:20 2012 -0700 audit: Limit audit requests to processes in the initial pid and user namespaces. This allows the code to safely make the assumption that all of the uids gids and pids that need to be send in audit messages are in the initial namespaces. If someone cares we may lift this restriction someday but start with limiting access so at least the code is always correct. ----------------------------------------------------------------------------- Regarding audit=0. I imagine it would solve the issue, rather extreme. Also if I boot with audit=0 then client side ftp fails with "500 OOPS: priv_sock_get_cmd" (seccomp_sandbox=NO in /etc/vsftpd.conf). Can you verify if the above vsftp codepath is indeed being executed and see what happens if VSF_SYSDEP_HAVE_LINUX_CLONE is disabled. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=786024 https://bugzilla.novell.com/show_bug.cgi?id=786024#c39 --- Comment #39 from Michal Vyskocil <mvyskocil@suse.com> 2013-03-29 08:10:17 UTC --- vsftpd calls CLONE_NEWPID on SUSE - it is visible in #comment11 (see vsftpd[1]).
Also if I boot with audit=0 then client side ftp fails with "500 OOPS: priv_sock_get_cmd" (seccomp_sandbox=NO in /etc/vsftpd.conf).
This does not makes any sense to me. This bug is related to enabled seccomp sanbox, but it was fixed before 12.3 release. I'll test that. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=786024 https://bugzilla.novell.com/show_bug.cgi?id=786024#c40 Michal Vyskocil <mvyskocil@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Priority|P1 - Urgent |P3 - Medium --- Comment #40 from Michal Vyskocil <mvyskocil@suse.com> 2013-03-29 08:46:06 UTC ---
Can you verify if the above vsftp codepath is indeed being executed and see what happens if VSF_SYSDEP_HAVE_LINUX_CLONE is disabled.
With a traditional fork pam session can be opened, however next test - an attempt to download the file dies on a seccomp sanbox. The same apply for a clone w/o NEW_PID, where an audit error is different. I will track this in an another bug to not pollute this one with third issue. lowering a priority of this issue, patch is in home:mvyskocil:branches:network/vsftpd https://build.opensuse.org/project/show?project=home%3Amvyskocil%3Abranches%... https://build.opensuse.org/package/view_file?expand=1&file=vsftpd-drop-newpid-from-clone.patch&package=vsftpd&project=home%3Amvyskocil%3Abranches%3Anetwork -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=786024 https://bugzilla.novell.com/show_bug.cgi?id=786024#c Michal Vyskocil <mvyskocil@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Depends on| |812406 -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=786024 https://bugzilla.novell.com/show_bug.cgi?id=786024#c41 --- Comment #41 from Eduardo Rayas <edu.rm.85@gmail.com> 2013-03-29 11:23:41 UTC --- Well, I have a question now. Will the system be updated to run VSFTPD correctly or I have to apply the patch manually? -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=786024 https://bugzilla.novell.com/show_bug.cgi?id=786024#c42 --- Comment #42 from Michal Vyskocil <mvyskocil@suse.com> 2013-03-29 11:49:19 UTC --- (In reply to comment #41)
Well, I have a question now.
Will the system be updated to run VSFTPD correctly or I have to apply the patch manually?
There will be a maintenance update, once all issues will be resolved. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=786024 https://bugzilla.novell.com/show_bug.cgi?id=786024#c Bug 786024 depends on bug 812406, which changed state. Bug 812406 Summary: vsftpd dies on attemt to download file http://bugzilla.novell.com/show_bug.cgi?id=812406 What |Old Value |New Value ---------------------------------------------------------------------------- Status|ASSIGNED |RESOLVED Resolution| |FIXED -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=786024 https://bugzilla.novell.com/show_bug.cgi?id=786024#c43 --- Comment #43 from Bernhard Wiedemann <bwiedemann@suse.com> 2013-04-04 13:00:08 CEST --- This is an autogenerated message for OBS integration: This bug (786024) was mentioned in https://build.opensuse.org/request/show/162591 Factory / vsftpd -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=786024 https://bugzilla.novell.com/show_bug.cgi?id=786024#c44 --- Comment #44 from Bernhard Wiedemann <bwiedemann@suse.com> 2013-04-04 14:00:08 CEST --- This is an autogenerated message for OBS integration: This bug (786024) was mentioned in https://build.opensuse.org/request/show/162608 Maintenance / -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=786024 https://bugzilla.novell.com/show_bug.cgi?id=786024#c45 Michal Vyskocil <mvyskocil@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|ASSIGNED |NEEDINFO InfoProvider| |maintenance@opensuse.org --- Comment #45 from Michal Vyskocil <mvyskocil@suse.com> 2013-04-04 12:02:46 UTC --- Sent an update to 12.3 via 162608 @maintenance, please open a new maintenance incident -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=786024 https://bugzilla.novell.com/show_bug.cgi?id=786024#c46 Marcus Meissner <meissner@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEEDINFO |RESOLVED CC| |meissner@suse.com InfoProvider|maintenance@opensuse.org | Resolution| |FIXED --- Comment #46 from Marcus Meissner <meissner@suse.com> 2013-04-08 14:54:42 UTC --- accepted -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=786024 https://bugzilla.novell.com/show_bug.cgi?id=786024#c47 Angelos Tzotsos <tzotsos@gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |tzotsos@gmail.com --- Comment #47 from Angelos Tzotsos <tzotsos@gmail.com> 2013-04-12 16:25:00 UTC --- Hi all, I see that the update is accepted but not yet released. Is there an ETA on the update? Perhaps a testing repo for the update to see if it works? Cheers, Angelos -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=786024 https://bugzilla.novell.com/show_bug.cgi?id=786024#c48 --- Comment #48 from Marcus Meissner <meissner@suse.com> 2013-04-12 18:14:59 UTC --- http://download.opensuse.org/update/12.3-test/ -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=786024 https://bugzilla.novell.com/show_bug.cgi?id=786024#c49 --- Comment #49 from Angelos Tzotsos <tzotsos@gmail.com> 2013-04-12 18:26:28 UTC --- Thanks Markus, I installed the test-update repository and vsftp from there. I get the following error: ftp ftp://test:test@localhost Trying ::1... ftp: connect to address ::1: Connection refused Trying 127.0.0.1... Connected to localhost. 220 Welcome message 331 Please specify the password. 500 OOPS: vsftpd: refusing to run with writable root inside chroot() ftp: Login failed. ftp: Can't connect or login to host `localhost' 500 OOPS: priv_sock_get_cmd Any ideas? -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=786024 https://bugzilla.novell.com/show_bug.cgi?id=786024#c50 --- Comment #50 from Angelos Tzotsos <tzotsos@gmail.com> 2013-04-12 19:11:44 UTC --- Update: I flushed everything from my server, even the yast-ftp module. Then I installed vsftp from test-update and it works. Now I am having issue with Extended Passive Mode that seems to be enabled by default. I reinstalled yast-ftp module and I get the 500 error as above. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=786024 https://bugzilla.novell.com/show_bug.cgi?id=786024#c51 --- Comment #51 from Angelos Tzotsos <tzotsos@gmail.com> 2013-04-12 19:54:03 UTC --- Update2: I flushed again everything but did not manage to get it working again. The log message when I run "service vsftpd status" shows login success, but the client reports error 500 and closes connection. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=786024 https://bugzilla.novell.com/show_bug.cgi?id=786024#c52 --- Comment #52 from Angelos Tzotsos <tzotsos@gmail.com> 2013-04-12 20:41:50 UTC --- (In reply to comment #37)
When I tried it personally, it refused to start. I will check one more time and repost.
Hi Ioannis, Any updates on that? Did you manage to make it work with pure-ftp? I am having the same problem: pure-ftp refuses to start. I upgraded from 12.2. Did you upgrade too or was it a clean install? -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=786024 https://bugzilla.novell.com/show_bug.cgi?id=786024#c53 --- Comment #53 from Ioannis Theodoridis <ITheodoridis@bankofgreece.gr> 2013-04-15 05:56:21 UTC --- (In reply to comment #52)
(In reply to comment #37)
When I tried it personally, it refused to start. I will check one more time and repost.
Hi Ioannis,
Any updates on that? Did you manage to make it work with pure-ftp? I am having the same problem: pure-ftp refuses to start. I upgraded from 12.2. Did you upgrade too or was it a clean install?
Hello Angelos :) Yes I tried again, it needs to start through xinetd or it will not start on its own (standalone). I can't say I like it, but I will live until we get the official update for vsftpd through official repos, which I am waiting for very patiantly... Let's hope it doesn't take forever.. Guys the limitations of open source are showing in this case.. I know it's unfair, but the reaction I am gettinig in my enterprise is surprise and dissappointment. We are definately not winning over any business people like that. Personally, I am keeping a low profile till this is resolved. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=786024 https://bugzilla.novell.com/show_bug.cgi?id=786024#c54 --- Comment #54 from Swamp Workflow Management <swamp@suse.de> 2013-04-15 08:04:50 UTC --- openSUSE-RU-2013:0677-1: An update that has two recommended fixes can now be installed. Category: recommended (moderate) Bug References: 786024,812406 CVE References: Sources used: openSUSE 12.3 (src): vsftpd-3.0.2-4.5.1 -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=786024 https://bugzilla.novell.com/show_bug.cgi?id=786024#c55 --- Comment #55 from Angelos Tzotsos <tzotsos@gmail.com> 2013-04-15 10:03:35 UTC --- Unfortunately the update did not work for me. I still get the "500 OOPS: priv_sock_get_cmd" error. Disabling seccomp sandbox is not working for me either... -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=786024 https://bugzilla.novell.com/show_bug.cgi?id=786024#c56 --- Comment #56 from Michal Vyskocil <mvyskocil@suse.com> 2013-04-18 08:54:21 UTC --- (In reply to comment #55)
Unfortunately the update did not work for me. I still get the "500 OOPS: priv_sock_get_cmd" error. Disabling seccomp sandbox is not working for me either...
Well, without a providing any more information I cannot help you much. Would you be so kind to open a new bug? I would need to explain what are you try to do - do you see that with (non)-anonymous download? How your vsftpd.conf look like? Does grep 'vsftpd' /var/log/messages says anything usefull? BTW: the output of strace -tt -s 512 of vsftpd daemon. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=786024 https://bugzilla.novell.com/show_bug.cgi?id=786024#c57 --- Comment #57 from Angelos Tzotsos <tzotsos@gmail.com> 2013-04-18 09:49:34 UTC --- Created an attachment (id=535776) --> (http://bugzilla.novell.com/attachment.cgi?id=535776) configuration file that fails -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=786024 https://bugzilla.novell.com/show_bug.cgi?id=786024#c58 --- Comment #58 from Angelos Tzotsos <tzotsos@gmail.com> 2013-04-18 09:49:50 UTC --- Hi Michal, Thanks for the reply. I have switched to sftp to bypass this issue. Here is the info you asked: # ftp ftp://ueser:*****.@localhost Trying ::1... ftp: connect to address ::1: Connection refused Trying 127.0.0.1... Connected to localhost. 220 Welcome message 331 Please specify the password. 500 OOPS: vsftpd: refusing to run with writable root inside chroot() ftp: Login failed. ftp: Can't connect or login to host `localhost' 500 OOPS: priv_sock_get_cmd # grep 'vsftpd' /var/log/messages Apr 18 12:38:49 aiolos xinetd[23286]: Reading included configuration file: /etc/xinetd.d/vsftpd [file=/etc/xinetd.d/vsftpd] [line=90] Apr 18 12:39:03 aiolos xinetd[23660]: Reading included configuration file: /etc/xinetd.d/vsftpd [file=/etc/xinetd.d/vsftpd] [line=90] Thanks, Angelos -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=786024 https://bugzilla.novell.com/show_bug.cgi?id=786024#c59 --- Comment #59 from Angelos Tzotsos <tzotsos@gmail.com> 2013-04-18 09:52:53 UTC --- And the strace: # strace -p 23677 -tt -s 512 Process 23677 attached 12:51:03.048164 accept(3, {sa_family=AF_INET, sin_port=htons(46433), sin_addr=inet_addr("109.242.165.239")}, [16]) = 4 12:51:12.678545 clone(child_stack=0, flags=CLONE_NEWIPC|SIGCHLD) = 23929 12:51:12.678783 close(4) = 0 12:51:12.678855 accept(3, 0x7fffba89a3a0, [28]) = ? ERESTARTSYS (To be restarted if SA_RESTART is set) 12:51:16.044845 --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=23929, si_status=2, si_utime=0, si_stime=0} --- 12:51:16.044914 alarm(1) = 0 12:51:16.044968 rt_sigreturn() = -1 EINTR (Interrupted system call) 12:51:16.045047 alarm(0) = 1 12:51:16.045095 wait4(-1, NULL, WNOHANG, NULL) = 23929 12:51:16.045173 wait4(-1, NULL, WNOHANG, NULL) = -1 ECHILD (No child processes) 12:51:16.045224 accept(3, {sa_family=AF_INET, sin_port=htons(46434), sin_addr=inet_addr("109.242.165.239")}, [16]) = 4 12:51:16.083371 clone(child_stack=0, flags=CLONE_NEWIPC|SIGCHLD) = 23936 12:51:16.083620 close(4) = 0 12:51:16.083690 accept(3, 0x7fffba89a3a0, [28]) = ? ERESTARTSYS (To be restarted if SA_RESTART is set) 12:51:25.264770 --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=23936, si_status=2, si_utime=0, si_stime=0} --- 12:51:25.264834 alarm(1) = 0 12:51:25.264882 rt_sigreturn() = -1 EINTR (Interrupted system call) 12:51:25.264936 alarm(0) = 1 12:51:25.264977 wait4(-1, NULL, WNOHANG, NULL) = 23936 12:51:25.265053 wait4(-1, NULL, WNOHANG, NULL) = -1 ECHILD (No child processes) 12:51:25.265099 accept(3, {sa_family=AF_INET, sin_port=htons(46437), sin_addr=inet_addr("109.242.165.239")}, [16]) = 4 12:51:25.302455 clone(child_stack=0, flags=CLONE_NEWIPC|SIGCHLD) = 23941 12:51:25.302684 close(4) = 0 12:51:25.302754 accept(3, ^CProcess 23677 detached <detached ...> -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=786024 https://bugzilla.novell.com/show_bug.cgi?id=786024#c60 --- Comment #60 from Arjen de Korte <suse+build@de-korte.org> 2013-04-18 09:59:24 UTC --- (In reply to comment #58)
Hi Michal,
Thanks for the reply. I have switched to sftp to bypass this issue. Here is the info you asked:
# ftp ftp://ueser:*****.@localhost Trying ::1... ftp: connect to address ::1: Connection refused Trying 127.0.0.1... Connected to localhost. 220 Welcome message 331 Please specify the password. 500 OOPS: vsftpd: refusing to run with writable root inside chroot() ftp: Login failed. ftp: Can't connect or login to host `localhost' 500 OOPS: priv_sock_get_cmd
Add allow_writeable_chroot=YES to the bottom of your /etc/vsftpd.conf file. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=786024 https://bugzilla.novell.com/show_bug.cgi?id=786024#c61 --- Comment #61 from Angelos Tzotsos <tzotsos@gmail.com> 2013-04-18 10:07:41 UTC --- Thanks, it is working locally now. I still cannot access from remote location (error while changing to /home/user) Looking into it. Thanks, Angelos -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=786024 https://bugzilla.novell.com/show_bug.cgi?id=786024#c62 --- Comment #62 from Chuck Davis <cjgunzel@gmail.com> 2013-04-18 13:38:01 UTC --- My story: I've done several installs of 12.3. My latest, I tried when installed to start vsftpd from YaST. It would not start, as usual, with the message that for run levels 3, 5, network-remotefs had to be installed (we all know by now there is no run lever 3 or 5 with systemd ??) I tried again a couple of days ago...same thing. I keep installing all the updates so decided last night to attemp to start vsftpd again from YaST only to discover it was running! I was able to connect from another machine! I don't know which fix did it but it seems to have healed itself in some of the updates that have been released. Many thanks to the team working on this (and other) issues. If we get these basic things working 12.3 has potential to be the best since 11.4. KDE4.10.2 is VERY nice! Awesome! -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=786024 https://bugzilla.novell.com/show_bug.cgi?id=786024#c63 Ralph Moenchmeyer <rm@anracon.de> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |rm@anracon.de --- Comment #63 from Ralph Moenchmeyer <rm@anracon.de> 2013-06-06 06:06:09 UTC --- Hi, I am using Opensue 12.3 64 Bit. Freshly installed and updated to the latest packages from the update repository. In my opinion the problems regarding the present version 3.0.2-4.5.1 of vsftp are far from resolved. As other related bugs as https://bugzilla.novell.com/show_bug.cgi?id=806758 were marked as duplicates of this one I post my findings here. Bug 1 ****** I still need seccomp_sandbox=NO to connect, when TLS is enabled. With this option set to NO everything works as expected. However, if seccomp_sandbox=YES I get the following messages in Filezilla when trying too connect from a remote system which also runs under OS 12.3: Status: TLS/SSL-Verbindung hergestellt. Antwort: 331 Please specify the password. Befehl: PASS ******* Antwort: 230 Login successful. Befehl: SYST Antwort: 215 UNIX Type: L8 Befehl: FEAT Antwort: 211-Features: Antwort: AUTH TLS Antwort: EPRT Antwort: EPSV Antwort: MDTM Antwort: PASV Antwort: PBSZ Antwort: PROT Antwort: REST STREAM Antwort: SIZE Antwort: TVFS Antwort: UTF8 Antwort: 211 End Befehl: OPTS UTF8 ON Antwort: 200 Always in UTF8 mode. Befehl: PBSZ 0 Antwort: 200 PBSZ set to 0. Befehl: PROT P Antwort: 200 PROT now Private. Status: Verbunden Status: Empfange Verzeichnisinhalt... Befehl: CWD / Antwort: 250 Directory successfully changed. Befehl: PWD Antwort: 257 "/" Befehl: TYPE I Antwort: 200 Switching to Binary mode. Befehl: PASV Fehler: GnuTLS error -15: Ein unerwartetes TLS-Paket wurde empfangen. Fehler: Verbindung zum Server getrennt: ECONNABORTED - Connection aborted Fehler: Verzeichnisinhalt konnte nicht empfangen werden Bug 2 (maybe related) ****** 2) Even with "seccomp_sandbox=NO", but switching to syslog_enable=YES I get the following message in filezilla: Status: Connecting to 192.168.0.37:21... Status: Connection established, waiting for welcome message... Response: 500 OOPS: priv_sock_get_cmd Error: Critical error Error: Could not connect to server Bug 3: ******
From some OS 12.3 remote systems I cannot connect in case the following option is not set to NO:
require_ssl_reuse=NO So all in all vsftp still shows major deficiencies on Opensuse 12.3 which were not present in OS 12.2. Any ideas what I could do ? -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=786024 https://bugzilla.novell.com/show_bug.cgi?id=786024#c64 --- Comment #64 from Ralph Moenchmeyer <rm@anracon.de> 2013-06-06 08:07:45 UTC --- (In reply to comment #63)
From some OS 12.3 remote systems I cannot connect in case the following option is not set to NO:
require_ssl_reuse=NO
I have seen that the OS 12.3-systems for which the setting "require_ssl_reuse=NO" is required all had the original Filezilla version 3.5.3 form the OS 12.3 OSS repository installed. After installing Filezilla version 3.7.0.1 from the network repository http://download.opensuse.org/repositories/network/openSUSE_12.3/ this problem, which is obviously client related, disappears and the setting require_ssl_reuse=YES works. The other problems described in comment #63, however, remain. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=786024 https://bugzilla.novell.com/show_bug.cgi?id=786024#c65 Alejandro Bonilla <abonilla@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |abonilla@suse.com --- Comment #65 from Alejandro Bonilla <abonilla@suse.com> 2013-07-10 15:48:36 UTC --- guys, a fresh install of the vsftp will still show this problem, we had to use the workaround provided. If a configuration setting has changed, ie "require_ssl_reuse=NO" then we need to push this line to the default config file...! -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=786024 https://bugzilla.novell.com/show_bug.cgi?id=786024#c66 --- Comment #66 from Michal Vyskocil <mvyskocil@suse.com> 2013-07-15 12:11:35 UTC --- @abonilla, @rm: hi, please open a **new** report. It's quite hard to follow the discussion in this one. And please attach the vsftpd.conf and an output of strace -f -tt You might copy the vsftpd.service to /etc/systemd/system/ change the ExecStart line to ExecStart=/usr/sbin/strace -f -tt -o /run/vsftpd.strace /usr/sbin/vsftpd /etc/vsftpd.conf and issuse systemctl daemon-reload && systemctl restart vsftpd.service -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=786024 Swamp Workflow Management <swamp@suse.de> changed: What |Removed |Added ---------------------------------------------------------------------------- Whiteboard| |ibs:running:2254:moderate -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=786024 Swamp Workflow Management <swamp@suse.de> changed: What |Removed |Added ---------------------------------------------------------------------------- Whiteboard|ibs:running:2254:moderate |ibs:running:2254:moderate | |obs:running:5202:moderate -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=786024 Swamp Workflow Management <swamp@suse.de> changed: What |Removed |Added ---------------------------------------------------------------------------- Whiteboard|ibs:running:2254:moderate |obs:running:5202:moderate |obs:running:5202:moderate | -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=786024 http://bugzilla.novell.com/show_bug.cgi?id=786024#c70 --- Comment #70 from Swamp Workflow Management <swamp@suse.de> --- SUSE-RU-2016:1535-1: An update that has 7 recommended fixes can now be installed. Category: recommended (moderate) Bug References: 786024,935279,968138,969411,970982,971784,972169 CVE References: Sources used: SUSE Linux Enterprise Server 12-SP1 (src): vsftpd-3.0.2-31.1 SUSE Linux Enterprise Server 12 (src): vsftpd-3.0.2-31.1 -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=786024 Swamp Workflow Management <swamp@suse.de> changed: What |Removed |Added ---------------------------------------------------------------------------- Whiteboard|obs:running:5202:moderate | -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=786024 http://bugzilla.novell.com/show_bug.cgi?id=786024#c71 --- Comment #71 from Swamp Workflow Management <swamp@suse.de> --- openSUSE-RU-2016:1548-1: An update that has 7 recommended fixes can now be installed. Category: recommended (moderate) Bug References: 786024,935279,968138,969411,970982,971784,972169 CVE References: Sources used: openSUSE Leap 42.1 (src): vsftpd-3.0.2-17.1 -- You are receiving this mail because: You are on the CC list for the bug.
participants (1)
-
bugzilla_noreply@novell.com