Bug 238339 - vsftpd tries a search in directory where process was started
Status: CLOSED NOTABUG
Product: Fedora
Classification: Fedora
Component: vsftpd
Version: rawhide
Hardware: All Linux
Priority: medium, Severity: medium
Assigned To: Maros Barabas
Reported: 2007-04-29 10:58 EDT by Robert Scheck
Modified: 2007-11-30 17:12 EST
Doc Type: Bug Fix
Last Closed: 2007-04-30 10:15:42 EDT
Description Robert Scheck 2007-04-29 10:58:20 EDT
Description of problem:
vsftpd tries a search in directory where the vsftpd process was started and in 
(its?) home directory.

hurricane:/usr/src/rpm/SPECS # pwd
/usr/src/rpm/SPECS
hurricane:/usr/src/rpm/SPECS # 
hurricane:/usr/src/rpm/SPECS # service vsftpd restart
Shutting down vsftpd:                                      [  OK  ]
Starting vsftpd for vsftpd:                                [  OK  ]
hurricane:/usr/src/rpm/SPECS # 

So... when now opening an FTP session, the following is in the audit logs:

--- snipp ---
type=AVC msg=audit(1177858462.480:175448): avc:  denied  { search } for  pid=14505 comm="vsftpd" name="SPECS" dev=cciss/c0d0p2 ino=1933315 scontext=user_u:system_r:ftpd_t:s0 tcontext=user_u:object_r:src_t:s0 tclass=dir
type=SYSCALL msg=audit(1177858462.480:175448): arch=40000003 syscall=5 success=no exit=-2 a0=9fbbaf8 a1=8000 a2=1b6 a3=9fbbb20 items=0 ppid=14487 pid=14505 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="vsftpd" exe="/usr/sbin/vsftpd" subj=user_u:system_r:ftpd_t:s0 key=(null)
type=USER_AUTH msg=audit(1177858462.484:175449): user pid=14505 uid=0 auid=500 subj=user_u:system_r:ftpd_t:s0 msg='PAM: authentication acct=robert : exe="/usr/sbin/vsftpd" (hostname=tux.fedora.local, addr=192.168.0.29, terminal=ftp res=success)'
type=USER_ACCT msg=audit(1177858462.488:175450): user pid=14505 uid=0 auid=500 subj=user_u:system_r:ftpd_t:s0 msg='PAM: accounting acct=robert : exe="/usr/sbin/vsftpd" (hostname=tux.fedora.local, addr=192.168.0.29, terminal=ftp res=success)'
type=CRED_ACQ msg=audit(1177858462.488:175451): user pid=14505 uid=0 auid=500 subj=user_u:system_r:ftpd_t:s0 msg='PAM: setcred acct=robert : exe="/usr/sbin/vsftpd" (hostname=tux.fedora.local, addr=192.168.0.29, terminal=ftp res=success)'
type=AVC msg=audit(1177858462.492:175452): avc:  denied  { search } for  pid=14507 comm="vsftpd" name="home" dev=cciss/c0d0p2 ino=2473994 scontext=user_u:system_r:ftpd_t:s0 tcontext=system_u:object_r:home_root_t:s0 tclass=dir
type=SYSCALL msg=audit(1177858462.492:175452): arch=40000003 syscall=12 success=yes exit=0 a0=9fb64b8 a1=1f4 a2=4382ec a3=bfbff4f4 items=0 ppid=14505 pid=14507 auid=500 uid=0 gid=0 euid=500 suid=500 fsuid=500 egid=100 sgid=100 fsgid=100 tty=(none) comm="vsftpd" exe="/usr/sbin/vsftpd" subj=user_u:system_r:ftpd_t:s0 key=(null)
--- snapp ---

home_root_t is "HOME_ROOT               -d      
system_u:object_r:home_root_t:s0-s15:c0.c1023" as per base.fc. And searching in 
SPECS is ABSOLUTELY wrong, so vsftpd should be fixed.

Version-Release number of selected component (if applicable):
vsftpd-2.0.5-16

How reproducible:
Every time, see above.

Actual results:
vsftpd tries a search in directory where the vsftpd process was started and in 
(its?) home directory.

Expected results:
No avc denied messages.

Additional info:
I would say, this wrong behaviour is a vsftpd bug, but as I'm not sure, I'm 
adding a SELinux guy to this report.
Comment 1 Daniel Walsh 2007-04-30 09:07:54 EDT
I don't think this is vsftp, but the way that gcc works. Access to the
current directory where an application is started is checked automatically and
can trigger these AVCs. I don't see there is much we can do about this.

I am not sure why it is searching the /home directory. Did you have vsftp set up
to log in to local accounts?
Comment 2 Robert Scheck 2007-04-30 09:11:05 EDT
Yes, I'm trying to log in as "robert" where the home directory of "robert" is
/home/robert - should be a legal combination, shouldn't it?
Comment 3 Daniel Walsh 2007-04-30 10:15:42 EDT
Yes, it is legal, but it requires you to set a boolean on your system to allow it.

setsebool -P ftp_home_dir=1

You should install setroubleshoot, which would have told you this when SELinux
prevented your login.
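
The two denials from the audit excerpt in the description, paired with their SYSCALL records by audit event serial so the source type, target type and syscall outcome can be read side by side. This is an added example, not part of the bug report or of any Fedora tool; the function names are hypothetical and the sample records are constructed from the excerpt, with the SYSCALL lines shortened.

```python
import re
from collections import defaultdict

# Constructed sample: records from the report above, rejoined one per line;
# the SYSCALL records are shortened to the fields used here.
SAMPLE = """\
type=AVC msg=audit(1177858462.480:175448): avc:  denied  { search } for  pid=14505 comm="vsftpd" name="SPECS" dev=cciss/c0d0p2 ino=1933315 scontext=user_u:system_r:ftpd_t:s0 tcontext=user_u:object_r:src_t:s0 tclass=dir
type=SYSCALL msg=audit(1177858462.480:175448): arch=40000003 syscall=5 success=no exit=-2 pid=14505 comm="vsftpd" exe="/usr/sbin/vsftpd"
type=AVC msg=audit(1177858462.492:175452): avc:  denied  { search } for  pid=14507 comm="vsftpd" name="home" dev=cciss/c0d0p2 ino=2473994 scontext=user_u:system_r:ftpd_t:s0 tcontext=system_u:object_r:home_root_t:s0 tclass=dir
type=SYSCALL msg=audit(1177858462.492:175452): arch=40000003 syscall=12 success=yes exit=0 pid=14507 comm="vsftpd" exe="/usr/sbin/vsftpd"
"""

HEADER = re.compile(r"^type=(\S+) msg=audit\(\d+\.\d+:(\d+)\):\s*(.*)$")
DENIED = re.compile(r"avc:\s+denied\s+\{([^}]*)\}\s+for\s+(.*)$")
PAIR = re.compile(r'(\w+)=("[^"]*"|\S+)')

def fields(text):
    """Split 'key=value key="quoted value"' text into a dict."""
    return {k: v.strip('"') for k, v in PAIR.findall(text)}

def selinux_type(context):
    """Return the type field of a user:role:type:level context."""
    return context.split(":")[2]

def denials(log_text):
    """Pair each AVC denial with the SYSCALL record sharing its event serial."""
    avcs, syscalls = defaultdict(list), {}
    for line in log_text.splitlines():
        m = HEADER.match(line.strip())
        if not m:
            continue
        rtype, serial, body = m.groups()
        d = DENIED.search(body) if rtype == "AVC" else None
        if d:
            avcs[serial].append((d.group(1).split(), fields(d.group(2))))
        elif rtype == "SYSCALL":
            syscalls[serial] = fields(body)
    return [{"serial": serial, "perms": perms, "name": avc.get("name"),
             "source_type": selinux_type(avc["scontext"]),
             "target_type": selinux_type(avc["tcontext"]),
             "tclass": avc.get("tclass"),
             "syscall": syscalls.get(serial, {}).get("syscall"),
             "success": syscalls.get(serial, {}).get("success")}
            for serial, hits in avcs.items() for perms, avc in hits]

if __name__ == "__main__":
    for row in denials(SAMPLE):
        print(row)
```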
