Bug 145548 - vsftpd doesn't warn when not reading user_configs
Status: CLOSED WONTFIX
Product: Red Hat Enterprise Linux 3
Classification: Red Hat
Component: vsftpd
Version: 3.0
Hardware: All
OS: Linux
Priority: medium
Severity: low
Assigned To: Martin Nagy
QA Contact: Mike McLean
Reported: 2005-01-19 11:09 EST by Thomas Uebermeier
Modified: 2016-07-26 19:46 EDT
Last Closed: 2008-02-01 07:38:09 EST

Description Thomas Uebermeier 2005-01-19 11:09:51 EST

Description of problem:
vsftpd has the ability to use user-specific configuration files
("user_config_dir"). When these configuration files are *not*
owned by root, they are ignored, for obvious security reasons.
The problem is that this is not documented and there is no warning
when this happens:

from twoprocess.c:337

  retval = str_stat(&filename_str, &p_statbuf);
  /* Security - ignore unless owned by root */
  if (!vsf_sysutil_retval_is_error(retval) &&
      vsf_sysutil_statbuf_get_uid(p_statbuf) == VSFTP_ROOT_UID)
  {
    vsf_parseconf_load_file(str_getbuf(&filename_str), 1);
  }
  /* no else branch: a file that exists but is not root-owned is
     skipped silently, with nothing written to the log */

To avoid confusion, vsftpd should log its problems (on the server side).

Version-Release number of selected component (if applicable):
vsftpd-1.2.1-3E.1

How reproducible:
Always

Steps to Reproduce:
see above

Actual Results:  Config file not read, no notice, not documented
anywhere.

Expected Results:  At minimum, documentation; better, a log entry
saying what happened.

Additional info:
Comment 1 Thomas Uebermeier 2005-01-19 11:20:13 EST
Even more confusing: when reading the main configuration file, those
checks are not done; see parseconf.c:183.
Comment 2 Radek Vokal 2005-02-07 07:59:22 EST
Hmm, correct. I'll add the test there. May I have your personal opinion
on my thoughts? I think vsftpd should die when the conf file isn't
owned by root, not only log it.
Comment 3 Thomas Uebermeier 2005-02-07 08:15:57 EST
Yes, either die with a warning or ignore the config with a warning.
The advantage of the first solution would be that the admin would
realize that something is wrong, but both ways are OK.

Comment 4 Radek Vokal 2005-02-08 03:44:11 EST
OK, the fix will appear in vsftpd-2.0.1-9 (devel) and
vsftpd-1.2.1-3E.4 (RHEL3). Later I'll push it to the other dists.
Comment 5 Karsten Wade 2005-02-08 07:17:24 EST
What was the final decision?  Does vsftpd die with a warning or ignore
the config with a warning?
Comment 6 Radek Vokal 2005-02-08 07:32:41 EST
Oh, sorry, I forgot to mention it in my posting. The final decision is:
we are strict. The file not owned by root is rejected as not being a
valid configuration file. I've also added a note to vsftpd.8 about this.
Comment 7 Juergen Nowak 2005-12-12 07:51:00 EST
(In reply to comment #6)
> Oh, sorry, I forgot to mention it in my posting. The final decision is:
> we are strict. The file not owned by root is rejected as not being a
> valid configuration file. I've also added a note to vsftpd.8 about this.

Hi! We use the per-user configuration file feature for our installation.
However, our server configuration requires the possibility not to have a
configuration file for every single user (and use the settings in the global
configuration file instead). In such a case, the current
"vsftpd-1.2.1-nonrootconf.patch" lets vsftpd die if a configuration file
doesn't exist for the user who tries to connect.

What do you think about only letting vsftpd die if the configuration file
exists and is not owned by root? This would still leave the configuration
secure, but would allow people to have a general configuration for
all "regular" users and only some per-user configuration files for some
specific users.
Comment 8 Michael Shuler 2006-08-08 13:58:03 EDT
(In reply to comment #7)
> What do you think about only letting vsftpd die if the configuration file 
> exists and is not owned by root? This would still leave the configuration 
> secure, but would allow people to have a general configuration for 
> all "regular" users and only some per-user configuration files for some 
> specific users.

Agreed; it is unfortunate there was not any further discussion on this.
vsftpd-1.2.1-3E.6 was released with this patch and broke FTP login if no
configuration file exists.

ref:  http://bugs.centos.org/view.php?id=1393

Radek,

The 'else' part (which throws the error) is not only entered if the config file
is not owned by root, it is also entered if the user config file does not exist.

Touching an empty file for the user is a workaround, but this should be
corrected to allow an ftp login to use the default configurations, if no custom
configuration lines are included in a user_config_dir file.

Kind Regards,
Michael Shuler
Comment 9 Martin Nagy 2008-02-01 07:38:09 EST
I'm sorry, but for RHEL-3 we currently only fix regressions and mission-critical
bugs. Hence closing as WONTFIX.
