Bug 265561 - does not respect chroot when in ssl mode
Status: CLOSED NOTABUG
Product: Fedora
Classification: Fedora
Component: vsftpd
Version: 7
Hardware: All All
Priority: medium, Severity: high
Assigned To: Maros Barabas
QA Contact: Fedora Extras Quality Assurance
Reported: 2007-08-29 17:36 EDT by Stephanos Manos
Modified: 2007-11-30 17:12 EST
Doc Type: Bug Fix
Last Closed: 2007-09-21 15:38:06 EDT
Description Stephanos Manos 2007-08-29 17:36:19 EDT
Description of problem:
When configuring vsftpd with ssl support it does not honor the chroot settings.
It always goes to the users home dir regardless of the settings and the user can
cd at any place in the system 

Version-Release number of selected component (if applicable):
vsftpd-2.0.5-16.fc7

How reproducible:
Always in ssl mode

Steps to Reproduce:
1. Install vsftpd
2. enable ssl
3. connect to the server
4. cd ..
  
Actual results:
The user is always in his home dir and can cd wherever he wants in the server

Expected results:
Depending on the settings 
1. if configured with chroot then the ability to move outside the home dir to be
disabled
2. if configured without chroot to be in /var/ftp

Additional info:
My vsftpd.conf

anonymous_enable=NO
local_enable=YES
write_enable=YES
local_umask=022
dirmessage_enable=YES
xferlog_enable=YES
connect_from_port_20=YES
xferlog_file=/var/log/vsftpd.log
xferlog_std_format=YES
#
ftpd_banner=Welcome to my vsVTPd Server
chroot_local_user=YES
chroot_list_enable=YES
# (default follows)
chroot_list_file=/etc/vsftpd/chroot_list
listen=YES
pam_service_name=vsftpd
userlist_enable=YES
tcp_wrappers=YES
banner_file=/etc/vsftpd/welcome.banner
anon_umask=077
pasv_enable=YES
local_root=/var/ftp
anon_max_rate=10485760
local_max_rate=0
max_clients=5
max_per_ip=1

#SSL Settings
ssl_enable=YES
allow_anon_ssl=NO
force_local_data_ssl=YES
force_local_logins_ssl=YES

ssl_tlsv1=YES
ssl_sslv2=NO
ssl_sslv3=NO

rsa_cert_file=/etc/pki/tls/certs/vsftpd.pem
Comment 1 Maros Barabas 2007-08-30 09:56:59 EDT
Beware, everyone in the file /etc/vsftpd/chroot_list has permission to cd
everywhere.

Try to use chroot without SSL enabled and after that enable it.

I can't reproduce this.
Thanks
Comment 2 Stephanos Manos 2007-09-21 15:38:06 EDT
After fixing the iptables for correct external access (lo rules) and forcing
vsftp to use a specific port for pasv the problem is solved.
VSFTP actually respects the chroot.

So apologies for the noise.
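
Added example (not part of the original report or of vsftpd): a small Python audit that applies the chroot_list rule from Comment 1 and the passive-port point from Comment 2 to a vsftpd.conf. The sample config is constructed from the settings quoted in the report; the user names alice and bob and all function names are hypothetical.

```python
# Added example: audit helper, not vsftpd's own code.
SAMPLE_CONF = """\
# constructed from the settings quoted in the report
local_enable=YES
chroot_local_user=YES
chroot_list_enable=YES
chroot_list_file=/etc/vsftpd/chroot_list
ssl_enable=YES
pasv_enable=YES
"""

def parse_conf(text):
    """Return {option: value}; vsftpd allows no spaces around '='."""
    opts = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        opts[key] = value
    return opts

def is_yes(opts, key, default=False):
    v = opts.get(key)
    return default if v is None else v.upper() in ("YES", "TRUE", "1")

def is_chrooted(opts, user, chroot_list):
    """The list inverts its meaning when chroot_local_user=YES."""
    listed = is_yes(opts, "chroot_list_enable") and user in chroot_list
    if is_yes(opts, "chroot_local_user"):
        return not listed   # list = users exempt from the chroot
    return listed           # list = users placed in the chroot

def audit(opts, users, chroot_list):
    findings = [f"{u}: NOT chrooted" for u in users
                if not is_chrooted(opts, u, chroot_list)]
    if is_yes(opts, "ssl_enable") and is_yes(opts, "pasv_enable", True):
        if "pasv_min_port" not in opts or "pasv_max_port" not in opts:
            findings.append("pasv_min_port/pasv_max_port not set; passive data "
                            "ports cannot be matched by a fixed firewall rule")
    return findings

if __name__ == "__main__":
    for f in audit(parse_conf(SAMPLE_CONF), ["alice", "bob"], {"alice"}):
        print(f)
```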
