hey list, a few minutes ago i update my proftpd-package to rc3. now i always get the follwoing error-message with a "cnnection failed" response. syslog: "... unable to set uid to -2, current uid: 65534" i searched proftpd.org, but did not find anything about it. anybody out there got the same problems?! many thanks in advance, greets, daniel
hey list,
a few minutes ago i update my proftpd-package to rc3. now i always get the follwoing error-message with a "cnnection failed" response. syslog: "... unable to set uid to -2, current uid: 65534"
i searched proftpd.org, but did not find anything about it. anybody out there got the same problems?!
many thanks in advance, greets,
daniel
Did you use the suse package from the ftp server? Roman. -- - - | Roman Drahtmüller <draht@suse.de> "Caution: Cape does not | SuSE GmbH - Security enable user to fly." | Nürnberg, Germany (Batman Costume warning label) | - -
hey roman, yes i did. if i change the uid of the user nobody to "-3" (e.g.) in my /etc/passwd, syslog changes to: "... unable to set uid to -3, current uid: 65534" any help for you? greets, daniel Roman Drahtmueller schrieb:
hey list,
a few minutes ago i update my proftpd-package to rc3. now i always get the follwoing error-message with a "cnnection failed" response. syslog: "... unable to set uid to -2, current uid: 65534"
i searched proftpd.org, but did not find anything about it. anybody out there got the same problems?!
many thanks in advance, greets,
daniel
Did you use the suse package from the ftp server?
Roman. -- - - | Roman Drahtmüller <draht@suse.de> "Caution: Cape does not | SuSE GmbH - Security enable user to fly." | Nürnberg, Germany (Batman Costume warning label) | - -
--------------------------------------------------------------------- To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com
hey roman,
yes i did. if i change the uid of the user nobody to "-3" (e.g.) in my /etc/passwd, syslog changes to: "... unable to set uid to -3, current uid: 65534"
any help for you? greets,
daniel
Yes, thank you! I've been vading through the proftpd code lately because of performance problems on a big site, and I've fixed several problems that I don't know how they could come to these ideas. It seems there are more of these... 65534 is supposed to be uid nobody, "-2" should not be used since you never know how large your uids really are (16 or 32 bit). Once the ftp server has done setuid(-2) as root, it will be impossible to get back the privileges. Our package maintainer will deal with it - if anyone can, then it's him. Thanks, Roman. -- - - | Roman Drahtmüller <draht@suse.de> "Caution: Cape does not | SuSE GmbH - Security enable user to fly." | Nürnberg, Germany (Batman Costume warning label) | - -
hey roman, thanks for your support! you are right and you have do change your group "nogroup" to 65534, too. greets, daniel Roman Drahtmueller schrieb:
hey roman,
yes i did. if i change the uid of the user nobody to "-3" (e.g.) in my /etc/passwd, syslog changes to: "... unable to set uid to -3, current uid: 65534"
any help for you? greets,
daniel
Yes, thank you!
I've been vading through the proftpd code lately because of performance problems on a big site, and I've fixed several problems that I don't know how they could come to these ideas. It seems there are more of these...
65534 is supposed to be uid nobody, "-2" should not be used since you never know how large your uids really are (16 or 32 bit). Once the ftp server has done setuid(-2) as root, it will be impossible to get back the privileges.
Our package maintainer will deal with it - if anyone can, then it's him.
Thanks, Roman. -- - - | Roman Drahtmüller <draht@suse.de> "Caution: Cape does not | SuSE GmbH - Security enable user to fly." | Nürnberg, Germany (Batman Costume warning label) | - -
participants (2)
-
Daniel Quappe
-
Roman Drahtmueller