Red Hat Bugzilla – Bug 112975
allowed vsftp session hangs when tcp wrappers spawn is used
Last modified: 2007-11-30 17:06:59 EST
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.4)
Gecko/20030624 Netscape/7.1 (ax)
Description of problem:
vsftpd is installed and configured and seems to work fine by itself.
I would like to use tcp wrappers to allow all sessions, but make a
trivial log entry when a session starts. (This is a simplification,
but demonstrates the problem).
/etc/hosts.deny is left empty.
If /etc/hosts.allow contains only the line:
vsftpd : ALL : ALLOW
ftp sessions are fine. A change from ALLOW to DENY properly denies the
If I change the line to include a spawn:
vsftpd : ALL : spawn /bin/echo `/bin/date` >> /tmp/foo.log : ALLOW
the log is appended, but the remote cygwin-on-windows ftp session
continues through interactively getting the password, then hangs until
timed out. The message on the remote machine is:
ftp: Login failed.
ftp: No control connection for command: No error
If I change the ALLOW to a DENY, the log entry happens and the ftp
session is properly denied.
What needs to happen to get spawn to work with ALLOW?
(Tech support has looked at this problem as Service Request 278981)
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. Add vsftpd entry with spawn and allow to /etc/hosts.allow
2. Start an ftp session to the host (I've only done it remotely)
3. Enter a valid username and password
Actual Results: ftp session hangs until timed out. Log entry happens.
Expected Results: useable ftp session and log entry
Created attachment 155450 [details]
This patch fixes it. I hope it does not introduce any regression, since it
changes the behaviour with regard to signals a little bit. I commited it to
We can't fix this one in RHEL 3. It will be fixed in 4.6 and 5.1 though.