[Bug 1160372] Re: Login is not possible

Bug Watch Updater 1160372 at bugs.launchpad.net
Thu Jul 11 04:00:41 UTC 2013


Launchpad has imported 65 comments from the remote bug at
https://bugzilla.novell.com/show_bug.cgi?id=786024.

------------------------------------------------------------------------
On 2012-10-20T14:43:48+00:00 Suse-beta wrote:

vsftpd is running, but...

# ncftp -u demo localhost
NcFTP 3.2.4 (May 16, 2010) by Mike Gleason (http://www.NcFTP.com/contact/).
Server hungup immediately after connect.
OOPS: priv_sock_get_cmd

Workaround: add seccomp_sandbox=NO to vsftpd.conf

See also https://bbs.archlinux.org/viewtopic.php?id=147074 - the page
says this is fixed in vsftpd 3.0.2, so updating vsftpd to this version
should be enough.

I did not test if this bug is only in Factory (I'm using factory-tested
from 2012-10-03) or also in 12.2.

Reply at:
https://bugs.launchpad.net/ubuntu/+source/vsftpd/+bug/1160372/comments/0

------------------------------------------------------------------------
On 2012-10-22T12:02:32+00:00 Mvyskocil-l wrote:

Sounds reasonable, so maintenance team, I'd like to do a maintenance
update to vsftpd 3.0.2 in 12.2.

Changelog says it's a bugfix release, so I think it's safe to do

https://security.appspot.com/vsftpd/Changelog.txt

Reply at:
https://bugs.launchpad.net/ubuntu/+source/vsftpd/+bug/1160372/comments/1

------------------------------------------------------------------------
On 2012-10-22T12:16:11+00:00 Bbrunner-u wrote:

Michal could you do a maintenancerequest with the fixed package for 12.2
and submit it to factory too, please?

Reply at:
https://bugs.launchpad.net/ubuntu/+source/vsftpd/+bug/1160372/comments/2

------------------------------------------------------------------------
On 2012-10-22T12:56:32+00:00 Mvyskocil-l wrote:

ok

Reply at:
https://bugs.launchpad.net/ubuntu/+source/vsftpd/+bug/1160372/comments/3

------------------------------------------------------------------------
On 2012-10-22T13:40:38+00:00 Mvyskocil-l wrote:

12.2:    138997
factory: 138998

Reply at:
https://bugs.launchpad.net/ubuntu/+source/vsftpd/+bug/1160372/comments/4

------------------------------------------------------------------------
On 2012-10-22T14:00:27+00:00 Bwiedemann wrote:

This is an autogenerated message for OBS integration:
This bug (786024) was mentioned in
https://build.opensuse.org/request/show/138998 Factory / vsftpd

Reply at:
https://bugs.launchpad.net/ubuntu/+source/vsftpd/+bug/1160372/comments/5

------------------------------------------------------------------------
On 2012-10-29T12:08:40+00:00 Swamp-a wrote:

openSUSE-RU-2012:1405-1: An update that has one recommended fix can now
be installed.

Category: recommended (low)
Bug References: 786024
CVE References: 
Sources used:
openSUSE 12.2 (src):    vsftpd-3.0.2-3.4.1

Reply at:
https://bugs.launchpad.net/ubuntu/+source/vsftpd/+bug/1160372/comments/6

------------------------------------------------------------------------
On 2013-02-04T12:50:13+00:00 Suse-beta wrote:

I have good and bad news.
- good news: it works on 12.2
- bad news: I still get the same error on current factory (unmodified vsftpd.conf as shipped in the rpm)

Reply at:
https://bugs.launchpad.net/ubuntu/+source/vsftpd/+bug/1160372/comments/7

------------------------------------------------------------------------
On 2013-02-04T13:30:18+00:00 Mvyskocil-l wrote:

*** Bug 801871 has been marked as a duplicate of this bug. ***

Reply at:
https://bugs.launchpad.net/ubuntu/+source/vsftpd/+bug/1160372/comments/8

------------------------------------------------------------------------
On 2013-02-04T14:11:59+00:00 Mvyskocil-l wrote:

Changed the product to appear on a list of 12.3 bugs ...

Reply at:
https://bugs.launchpad.net/ubuntu/+source/vsftpd/+bug/1160372/comments/9

------------------------------------------------------------------------
On 2013-02-12T16:47:42+00:00 Mvyskocil-l wrote:

It seems there is some race - when I added vfs_cmdio_write into the
code to find the location where it happens, the priv_sock_get_cmd
disappeared. So still under investigation.

Reply at:
https://bugs.launchpad.net/ubuntu/+source/vsftpd/+bug/1160372/comments/10

------------------------------------------------------------------------
On 2013-02-21T13:30:46+00:00 Mvyskocil-l wrote:

Well, I suspect the PAM subsystem tries to open /dev/log. When I add
socket(PF_FILE) to the whitelist, vsftpd seems to work. However, I've
got another issue with PAM (this is valid even if seccomp_sandbox is
disabled).

2013-02-21T14:20:17.693042+01:00 linux-xtv2 vsftpd[1]: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=mvyskocil rhost=::1  user=mvyskocil
2013-02-21T14:20:18.407159+01:00 linux-xtv2 vsftpd[1]: pam_sss(vsftpd:auth): authentication success; logname= uid=0 euid=0 tty=ftp ruser=mvyskocil rhost=::1 user=mvyskocil
2013-02-21T14:20:18.409089+01:00 linux-xtv2 vsftpd[1]: PAM audit_log_acct_message() failed: Operation not permitted
2013-02-21T14:20:18.411338+01:00 linux-xtv2 vsftpd[1]: [mvyskocil] FAIL LOGIN: Client "::1"

@thorsen: I would say both CAP_AUDIT_* are needed for vsftpd. Am I right?

Reply at:
https://bugs.launchpad.net/ubuntu/+source/vsftpd/+bug/1160372/comments/11

------------------------------------------------------------------------
On 2013-02-21T13:37:26+00:00 Kukuk-g wrote:

(In reply to comment #11)
> Well, I suspect the PAM subsystem tries to open /dev/log.

PAM calls syslog(), which I assume opens /dev/log.


> 2013-02-21T14:20:17.693042+01:00 linux-xtv2 vsftpd[1]: pam_unix(vsftpd:auth):
> authentication failure; logname= uid=0 euid=0 tty=ftp ruser=mvyskocil rhost=::1
>  user=mvyskocil
> 2013-02-21T14:20:18.407159+01:00 linux-xtv2 vsftpd[1]: pam_sss(vsftpd:auth):
> authentication success; logname= uid=0 euid=0 tty=ftp ruser=mvyskocil rhost=::1
> user=mvyskocil
> 2013-02-21T14:20:18.409089+01:00 linux-xtv2 vsftpd[1]: PAM
> audit_log_acct_message() failed: Operation not permitted
> 2013-02-21T14:20:18.411338+01:00 linux-xtv2 vsftpd[1]: [mvyskocil] FAIL LOGIN:
> Client "::1"
> 
> @thorsen: I would say both CAP_AUDIT_* are needed for vsftpd. Am I right?

I have no idea about CAP_AUDIT_*, but PAM is using the audit subsystem
for logging.

Reply at:
https://bugs.launchpad.net/ubuntu/+source/vsftpd/+bug/1160372/comments/12

------------------------------------------------------------------------
On 2013-02-21T18:10:30+00:00 Suse-beta wrote:

(In reply to comment #11)
> @thorsen: I would say both CAP_AUDIT_* are needed for vsftpd. Am I right?

Just ask AppArmor, your friendly permission inventory software (and,
side effect, it secures your server ;-)

This is what I have in my AppArmor profile for vsftpd:
  capability audit_write,
  capability setgid,
  capability setuid,
  capability sys_admin,
  capability sys_chroot,

Note: sys_admin might be a leftover from older versions and might no
longer be needed - IIRC in the past audit_write was a part of sys_admin.

Reply at:
https://bugs.launchpad.net/ubuntu/+source/vsftpd/+bug/1160372/comments/13

------------------------------------------------------------------------
On 2013-02-25T14:55:37+00:00 Mvyskocil-l wrote:

@cboltz: thanks, I'll patch vsftpd to keep CAP_AUDIT_WRITE then.

Reply at:
https://bugs.launchpad.net/ubuntu/+source/vsftpd/+bug/1160372/comments/14

------------------------------------------------------------------------
On 2013-02-27T15:43:19+00:00 Mvyskocil-l wrote:

It still prints the same error - I've patched vsftpd to set
CAP_AUDIT_WRITE (and CAP_AUDIT_CONTROL) before the PAM auth session, but the
failure remains the same.

11256 16:38:08.161851 capget({_LINUX_CAPABILITY_VERSION_3, 0}, NULL) = 0
11256 16:38:08.161911 capset({_LINUX_CAPABILITY_VERSION_3, 0}, {CAP_AUDIT_WRITE|CAP_AUDIT_CONTROL, CAP_AUDIT_WRITE|CAP_AUDIT_CONTROL, 0}) = 0
11256 16:38:08.161964 getppid()         = 0

and later on ...

11256 16:38:08.188437 sendto(5, "<82>Feb 27 16:38:08 vsftpd[1]: PAM audit_log_acct_message() failed: Operation not permitted", 91, MSG_NOSIGNAL, NULL, 0) = 91

I've verified this behaves the same for local users as well, so it is not
connected with pam_sss.

Reply at:
https://bugs.launchpad.net/ubuntu/+source/vsftpd/+bug/1160372/comments/15

------------------------------------------------------------------------
On 2013-02-28T13:19:11+00:00 Mvyskocil-l wrote:

Created an attachment (id=527476)
strace output of vsftpd

This is the full strace output, but I was not able to realize which
syscall triggered the audit error. Note that the process calls capset for
CAP_AUDIT_WRITE (+ _CONTROL, which shall not be needed). I would not say
there are no more capabilities to try.

This is the relevant part, starting with what audit_init does:

7462  14:01:23.677346 socket(PF_NETLINK, SOCK_RAW, 9) = 4
7462  14:01:23.677412 fcntl(4, F_SETFD, FD_CLOEXEC) = 0
7462  14:01:23.677463 socket(PF_NETLINK, SOCK_RAW, 0) = 5
7462  14:01:23.677499 bind(5, {sa_family=AF_NETLINK, pid=0, groups=00000000}, 12) = 0
7462  14:01:23.677541 getsockname(5, {sa_family=AF_NETLINK, pid=1, groups=00000000}, [12]) = 0
7462  14:01:23.677583 sendto(5, "\24\0\0\0\26\0\1\3#U/Q\0\0\0\0\0\0\0\0", 20, 0, {sa_family=AF_NETLINK, pid=0, groups=00000000}, 12) = 20
7462  14:01:23.677634 recvmsg(5, {msg_name(12)={sa_family=AF_NETLINK, pid=0, groups=00000000}, msg_iov(1)=[{"0\0\0\0\24\0\2\0#U/Q\1\0\0\0\2\10\200\376\1\0\0\0\10\0\1\0\177\0\0\1\10\0\2\0\177\0\0\1\7\0\3\0lo\0\0<\0\0\0\24\0\2\0#U/Q\1\0\0\0\2\22\200\0\2\0\0\0\10\0\1\0\nd3Y\10\0\2\0\nd3Y\10\0\4\0\nd?\377\t\0\3\0eth0\0\0\0\0<\0\0\0\24\0\2\0#U/Q\1\0\0\0\2\27\200\0\3\0\0\0\10\0\1\0\225,\2106\10\0\2\0\225,\2106\10\0\4\0\225,\211\377\n\0\3\0wlan0\0\0\0", 4096}], msg_controllen=0, msg_flags=0}, 0) = 168
7462  14:01:23.677687 recvmsg(5, {msg_name(12)={sa_family=AF_NETLINK, pid=0, groups=00000000}, msg_iov(1)=[{"@\0\0\0\24\0\2\0#U/Q\1\0\0\0\n\200\200\376\1\0\0\0\24\0\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\1\24\0\6\0\377\377\377\377\377\377\377\377j\3\0\0j\3\0\0@\0\0\0\24\0\2\0#U/Q\1\0\0\0\n@\200\375\2\0\0\0\24\0\1\0\376\200\0\0\0\0\0\0>\227\16\377\376q\2767\24\0\6\0\377\377\377\377\377\377\377\377]\321\3\0]\321\3\0@\0\0\0\24\0\2\0#U/Q\1\0\0\0\n@\200\375\3\0\0\0\24\0\1\0\376\200\0\0\0\0\0\0\206:K\377\376[\253\314\24\0\6\0\377\377\377\377\377\377\377\377\241\322\3\0\241\322\3\0", 4096}], msg_controllen=0, msg_flags=0}, 0) = 192
7462  14:01:23.677730 recvmsg(5, {msg_name(12)={sa_family=AF_NETLINK, pid=0, groups=00000000}, msg_iov(1)=[{"\24\0\0\0\3\0\2\0#U/Q\1\0\0\0\0\0\0\0", 4096}], msg_controllen=0, msg_flags=0}, 0) = 20
7462  14:01:23.677769 socket(PF_FILE, SOCK_STREAM|SOCK_CLOEXEC|SOCK_NONBLOCK, 0) = 6
7462  14:01:23.677804 connect(6, {sa_family=AF_FILE, sun_path="/var/run/nscd/socket"}, 110) = 0
7462  14:01:23.677847 sendto(6, "\2\0\0\0\r\0\0\0\6\0\0\0hosts\0", 18, MSG_NOSIGNAL, NULL, 0) = 18
7462  14:01:23.677882 poll([{fd=6, events=POLLIN|POLLERR|POLLHUP}], 1, 5000) = 1 ([{fd=6, revents=POLLIN}])
7462  14:01:23.677936 recvmsg(6, {msg_name(0)=NULL, msg_iov(2)=[{"hosts\0", 6}, {"\310O\3\0\0\0\0\0", 8}], msg_controllen=24, {cmsg_len=20, cmsg_level=SOL_SOCKET, cmsg_type=SCM_RIGHTS, {7}}, msg_flags=MSG_CMSG_CLOEXEC}, MSG_CMSG_CLOEXEC) = 14
7462  14:01:23.678022 mmap(NULL, 217032, PROT_READ, MAP_SHARED, 7, 0) = 0x7fc3b1cf7000
7462  14:01:23.678113 close(7)          = 0
7462  14:01:23.678169 close(6)          = 0
7462  14:01:23.678252 close(5)          = 0
7462  14:01:23.678388 readlink("/proc/self/exe", "/usr/sbin/vsftpd", 4096) = 16
7462  14:01:23.678541 sendto(4, "\204\0\0\0L\4\5\0\1\0\0\0\0\0\0\0op=PAM:authentication acct=\"test\" exe=\"/usr/sbin/vsftpd\" hostname=127.0.0.1 addr=127.0.0.1 terminal=ftp res=success\0", 132, 0, {sa_family=AF_NETLINK, pid=0, groups=00000000}, 12) = 132
7462  14:01:23.678605 poll([{fd=4, events=POLLIN}], 1, 500) = 1 ([{fd=4, revents=POLLIN}])
7462  14:01:23.678654 recvfrom(4, "\230\0\0\0\2\0\0\0\1\0\0\0005\357\377\377\377\377\377\377\204\0\0\0L\4\5\0\1\0\0\0\0\0\0\0op=PAM:authentication acct=\"test\" exe=\"/usr/sbin/vsftpd\" hostname=127.0.0.1 addr=127.0.0.1 terminal=ftp res=success\0", 8988, MSG_PEEK|MSG_DONTWAIT, {sa_family=AF_NETLINK, pid=0, groups=00000000}, [12]) = 152
7462  14:01:23.678709 recvfrom(4, "\230\0\0\0\2\0\0\0\1\0\0\0005\357\377\377\377\377\377\377\204\0\0\0L\4\5\0\1\0\0\0\0\0\0\0op=PAM:authentication acct=\"test\" exe=\"/usr/sbin/vsftpd\" hostname=127.0.0.1 addr=127.0.0.1 terminal=ftp res=success\0", 8988, MSG_DONTWAIT, {sa_family=AF_NETLINK, pid=0, groups=00000000}, [12]) = 152
7462  14:01:23.678759 getuid()          = 0
7462  14:01:23.678802 getuid()          = 0
7462  14:01:23.678880 socket(PF_FILE, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 5
7462  14:01:23.678927 connect(5, {sa_family=AF_FILE, sun_path="/dev/log"}, 110) = 0
7462  14:01:23.678977 sendto(5, "<82>Feb 28 14:01:23 vsftpd[1]: PAM audit_log_acct_message() failed: Operation not permitted", 91, MSG_NOSIGNAL, NULL, 0) = 91
7462  14:01:23.679050 close(4)          = 0

But although the recvfrom(4 did not fail, the Operation not permitted
is returned, and I have no idea why.

Reply at:
https://bugs.launchpad.net/ubuntu/+source/vsftpd/+bug/1160372/comments/16

------------------------------------------------------------------------
On 2013-02-28T13:23:54+00:00 Mvyskocil-l wrote:

@tonyj: can you check the strace output and find why the pam returns
such error? The Linux-PAM-1.1.6/lib/pam_audit.c does this

  rc = audit_log_acct_message (audit_fd, type, NULL, buf,
       (retval != PAM_USER_UNKNOWN && pamh->user) ? pamh->user : "?",
        -1, pamh->rhost, NULL, pamh->tty, retval == PAM_SUCCESS );

  /* libaudit sets errno to his own negative error code. This can be
     an official errno number, but must not. It can also be a audit
     internal error code. Which makes errno useless :-((. Try the
     best to fix it. */
  errno = -rc;

  pamh->audit_state |= PAMAUDIT_LOGGED;

  if (rc < 0) {
      if (rc == -EPERM && getuid() != 0)
          return 0;
      if (errno != old_errno) {
          old_errno = errno;
          pam_syslog (pamh, LOG_CRIT, "audit_log_acct_message() failed: %m");
      }
  }
  return rc;

so audit_log_acct_message returned a negative value, but I have no idea
why.

Reply at:
https://bugs.launchpad.net/ubuntu/+source/vsftpd/+bug/1160372/comments/17

------------------------------------------------------------------------
On 2013-02-28T16:00:07+00:00 Bwiedemann wrote:

This is an autogenerated message for OBS integration:
This bug (786024) was mentioned in
https://build.opensuse.org/request/show/156829 Factory / vsftpd

Reply at:
https://bugs.launchpad.net/ubuntu/+source/vsftpd/+bug/1160372/comments/18

------------------------------------------------------------------------
On 2013-02-28T16:03:17+00:00 Mvyskocil-l wrote:

*** Bug 806758 has been marked as a duplicate of this bug. ***

Reply at:
https://bugs.launchpad.net/ubuntu/+source/vsftpd/+bug/1160372/comments/19

------------------------------------------------------------------------
On 2013-02-28T19:51:50+00:00 Tonyj-2 wrote:

I need to get this string data in a format that's easier to understand.
The \230 part is a netlink header but "strace -xx" format would be much
easier for me to decipher.

7462  14:01:23.678654 recvfrom(4,
"\230\0\0\0\2\0\0\0\1\0\0\0005\357\377\377\377\377\377\377\204\0\0\0L\4\5\0\1\0\0\0\0\0\0\0op=PAM:authentication
acct=\"test\" exe=\"/usr/sbin/vsftpd\" hostname=127.0.0.1 addr=127.0.0.1
terminal=ftp res=success\0", 8988, MSG_PEEK|MSG_DONTWAIT,
{sa_family=AF_NETLINK, pid=0, groups=00000000}, [12]) = 152

7462  14:01:23.678709 recvfrom(4,
"\230\0\0\0\2\0\0\0\1\0\0\0005\357\377\377\377\377\377\377\204\0\0\0L\4\5\0\1\0\0\0\0\0\0\0op=PAM:authentication
acct=\"test\" exe=\"/usr/sbin/vsftpd\" hostname=127.0.0.1 addr=127.0.0.1
terminal=ftp res=success\0", 8988, MSG_DONTWAIT, {sa_family=AF_NETLINK, pid=0,
groups=00000000}, [12]) = 152

Reply at:
https://bugs.launchpad.net/ubuntu/+source/vsftpd/+bug/1160372/comments/20

------------------------------------------------------------------------
On 2013-02-28T20:11:32+00:00 Tonyj-2 wrote:

\230\0\0\0 is the nlmsghdr.nlmsg_len
\2\0 is nlmsghdr.nlmsg_type == NLMSG_ERROR

it would be easier to decipher the rest in hex.

Reply at:
https://bugs.launchpad.net/ubuntu/+source/vsftpd/+bug/1160372/comments/21

------------------------------------------------------------------------
On 2013-03-01T20:40:43+00:00 Tonyj-2 wrote:

(In reply to comment #17)
> @tonyj: can you check the strace output and find why the pam returns such
> error? The Linux-PAM-1.1.6/lib/pam_audit.c does this
> 
>   rc = audit_log_acct_message (audit_fd, type, NULL, buf,
>        (retval != PAM_USER_UNKNOWN && pamh->user) ? pamh->user : "?",
>         -1, pamh->rhost, NULL, pamh->tty, retval == PAM_SUCCESS );
> 
>   /* libaudit sets errno to his own negative error code. This can be
>      an official errno number, but must not. It can also be a audit
>      internal error code. Which makes errno useless :-((. Try the
>      best to fix it. */
>   errno = -rc;
> 
>   pamh->audit_state |= PAMAUDIT_LOGGED;
> 
>   if (rc < 0) {
>       if (rc == -EPERM && getuid() != 0)
>           return 0;
>       if (errno != old_errno) {
>           old_errno = errno;
>           pam_syslog (pamh, LOG_CRIT, "audit_log_acct_message() failed: %m");
>       }
>   }
>   return rc;
> 
> so audit_log_acct_message returned a negative value, but I have no idea why.

The code in audit (lib/netlink.c::check_ack())

 /* NLMSG_ERROR can indicate success, only report nonzero */
                if (rep.error->error) {
                        errno = -rep.error->error;
                        return rep.error->error;

Based on the strace log,  rep.error->error is -1 which should be what is
returned back to PAM.

Is there anything informative in the kernel or audit logs?   Otherwise
can you give me a quick tutorial on how to set up to reproduce as I'll
have to debug the library.

Thanks!

Reply at:
https://bugs.launchpad.net/ubuntu/+source/vsftpd/+bug/1160372/comments/22

------------------------------------------------------------------------
On 2013-03-02T21:51:58+00:00 O-nicolas wrote:

(In reply to comment #20)
> I need to get this string data in a format that's easier to understand.   The
> \230 part is a netlink header but "strace -xx" format would be much easier for
> me to decipher.

strace -xx output


[pid  6654] close(6)                    = 0
[pid  6654] close(5)                    = 0
[pid  6654] readlink("\x2f\x70\x72\x6f\x63\x2f\x73\x65\x6c\x66\x2f\x65\x78\x65", "\x2f\x75\x73\x72\x2f\x73\x62\x69\x6e\x2f\x76\x73\x66\x74\x70\x64", 4096) = 16
[pid  6654] sendto(4, "\x78\x00\x00\x00\x4c\x04\x05\x00\x01\x00\x00\x00\x00\x00\x00\x00\x6f\x70\x3d\x50\x41\x4d\x3a\x61\x75\x74\x68\x65\x6e\x74\x69\x63\x61\x74\x69\x6f\x6e\x20\x61\x63\x63\x74\x3d\x22\x64\x65\x6d\x6f\x22\x20\x65\x78\x65\x3d\x22\x2f\x75\x73\x72\x2f\x73\x62\x69\x6e\x2f\x76\x73\x66\x74\x70\x64\x22\x20\x68\x6f\x73\x74\x6e\x61\x6d\x65\x3d\x3a\x3a\x31\x20\x61\x64\x64\x72\x3d\x3a\x3a\x31\x20\x74\x65\x72\x6d\x69\x6e\x61\x6c\x3d\x66\x74\x70\x20\x72\x65\x73\x3d\x73\x75\x63\x63\x65\x73\x73\x00", 120, 0, {sa_family=AF_NETLINK, pid=0, groups=00000000}, 12) = 120
[pid  6654] poll([{fd=4, events=POLLIN}], 1, 500) = 1 ([{fd=4, revents=POLLIN}])
[pid  6654] recvfrom(4, "\x8c\x00\x00\x00\x02\x00\x00\x00\x01\x00\x00\x00\xd7\xee\xff\xff\xff\xff\xff\xff\x78\x00\x00\x00\x4c\x04\x05\x00\x01\x00\x00\x00\x00\x00\x00\x00\x6f\x70\x3d\x50\x41\x4d\x3a\x61\x75\x74\x68\x65\x6e\x74\x69\x63\x61\x74\x69\x6f\x6e\x20\x61\x63\x63\x74\x3d\x22\x64\x65\x6d\x6f\x22\x20\x65\x78\x65\x3d\x22\x2f\x75\x73\x72\x2f\x73\x62\x69\x6e\x2f\x76\x73\x66\x74\x70\x64\x22\x20\x68\x6f\x73\x74\x6e\x61\x6d\x65\x3d\x3a\x3a\x31\x20\x61\x64\x64\x72\x3d\x3a\x3a\x31\x20\x74\x65\x72\x6d\x69\x6e\x61\x6c\x3d\x66\x74\x70\x20\x72\x65\x73\x3d\x73\x75\x63\x63\x65\x73\x73\x00", 8988, MSG_PEEK|MSG_DONTWAIT, {sa_family=AF_NETLINK, pid=0, groups=00000000}, [12]) = 140
[pid  6654] recvfrom(4, "\x8c\x00\x00\x00\x02\x00\x00\x00\x01\x00\x00\x00\xd7\xee\xff\xff\xff\xff\xff\xff\x78\x00\x00\x00\x4c\x04\x05\x00\x01\x00\x00\x00\x00\x00\x00\x00\x6f\x70\x3d\x50\x41\x4d\x3a\x61\x75\x74\x68\x65\x6e\x74\x69\x63\x61\x74\x69\x6f\x6e\x20\x61\x63\x63\x74\x3d\x22\x64\x65\x6d\x6f\x22\x20\x65\x78\x65\x3d\x22\x2f\x75\x73\x72\x2f\x73\x62\x69\x6e\x2f\x76\x73\x66\x74\x70\x64\x22\x20\x68\x6f\x73\x74\x6e\x61\x6d\x65\x3d\x3a\x3a\x31\x20\x61\x64\x64\x72\x3d\x3a\x3a\x31\x20\x74\x65\x72\x6d\x69\x6e\x61\x6c\x3d\x66\x74\x70\x20\x72\x65\x73\x3d\x73\x75\x63\x63\x65\x73\x73\x00", 8988, MSG_DONTWAIT, {sa_family=AF_NETLINK, pid=0, groups=00000000}, [12]) = 140
[pid  6654] getuid()                    = 0
[pid  6654] getuid()                    = 0
[pid  6654] socket(PF_FILE, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 5
[pid  6654] connect(5, {sa_family=AF_FILE, sun_path="\x2f\x64\x65\x76\x2f\x6c\x6f\x67"}, 110) = 0
[pid  6654] sendto(5, "\x3c\x38\x32\x3e\x4d\x61\x72\x20\x20\x32\x20\x32\x32\x3a\x34\x36\x3a\x31\x39\x20\x76\x73\x66\x74\x70\x64\x3a\x20\x50\x41\x4d\x20\x61\x75\x64\x69\x74\x5f\x6c\x6f\x67\x5f\x61\x63\x63\x74\x5f\x6d\x65\x73\x73\x61\x67\x65\x28\x29\x20\x66\x61\x69\x6c\x65\x64\x3a\x20\x4f\x70\x65\x72\x61\x74\x69\x6f\x6e\x20\x6e\x6f\x74\x20\x70\x65\x72\x6d\x69\x74\x74\x65\x64", 88, MSG_NOSIGNAL, NULL, 0) = 88

Reply at:
https://bugs.launchpad.net/ubuntu/+source/vsftpd/+bug/1160372/comments/23
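
The NLMSG_ERROR reply discussed in comments 20 to 23, decoded as an added example (not part of the original thread and not libaudit code): it unescapes the buffer strace printed, in either octal or -xx hex form, and unpacks the outer nlmsghdr, the nlmsgerr.error field and the echoed request header. The function names are hypothetical and a little-endian host is assumed.

```python
import errno
import struct

NLMSG_ERROR = 2                      # nlmsg_type value from linux/netlink.h
# nlmsg_len, nlmsg_type, nlmsg_flags, nlmsg_seq, nlmsg_pid.
# Assumption: the capture comes from a little-endian host.
NLMSGHDR = struct.Struct("<IHHII")
ESCAPES = {"n": 10, "t": 9, "r": 13, "v": 11, "f": 12, "\\": 92, '"': 34}

# recvfrom() buffer as strace printed it in comment 16 (default octal escapes).
OCTAL_REPLY = (
    r'\230\0\0\0\2\0\0\0\1\0\0\0005\357\377\377\377\377\377\377'
    r'\204\0\0\0L\4\5\0\1\0\0\0\0\0\0\0op=PAM:authentication acct=\"test\" '
    r'exe=\"/usr/sbin/vsftpd\" hostname=127.0.0.1 addr=127.0.0.1 '
    r'terminal=ftp res=success\0'
)
# First 36 bytes of the reply from the later "strace -xx" run (comment 23);
# the echoed payload is left out here to keep the sample short.
HEX_REPLY_HEAD = (
    r'\x8c\x00\x00\x00\x02\x00\x00\x00\x01\x00\x00\x00\xd7\xee\xff\xff'
    r'\xff\xff\xff\xff\x78\x00\x00\x00\x4c\x04\x05\x00\x01\x00\x00\x00'
    r'\x00\x00\x00\x00'
)


def unescape_strace(text):
    """Turn the quoted string strace prints back into raw bytes."""
    out = bytearray()
    i = 0
    while i < len(text):
        ch = text[i]
        if ch != "\\":
            out.append(ord(ch))
            i += 1
            continue
        nxt = text[i + 1]
        if nxt == "x":                       # \xHH, as printed by strace -xx
            out.append(int(text[i + 2:i + 4], 16))
            i += 4
        elif nxt in "01234567":              # \N, \NN or \NNN (default output)
            j = i + 1
            while j < len(text) and j < i + 4 and text[j] in "01234567":
                j += 1
            out.append(int(text[i + 1:j], 8))
            i = j
        else:                                # \n, \t, \", \\ and friends
            out.append(ESCAPES[nxt])
            i += 2
    return bytes(out)


def decode_nlmsgerr(buf):
    """Decode an NLMSG_ERROR reply: outer header, error code, echoed request."""
    if len(buf) < NLMSGHDR.size + 4:
        raise ValueError("too short for nlmsghdr plus nlmsgerr.error")
    length, mtype, _flags, _seq, _pid = NLMSGHDR.unpack_from(buf, 0)
    if mtype != NLMSG_ERROR:
        raise ValueError("not an NLMSG_ERROR message (type %d)" % mtype)
    (error,) = struct.unpack_from("<i", buf, NLMSGHDR.size)
    result = {
        "nlmsg_len": length,
        "error": error,
        # error == 0 is an acknowledgement, anything else is a negated errno
        "errno_name": errno.errorcode.get(-error, "?") if error else "ACK",
    }
    inner = NLMSGHDR.size + 4                # the request header is echoed here
    if len(buf) >= inner + NLMSGHDR.size:
        ilen, itype, _f, _s, _p = NLMSGHDR.unpack_from(buf, inner)
        payload = buf[inner + NLMSGHDR.size:inner + ilen]
        result["request_len"] = ilen
        result["request_type"] = itype       # 1100 is AUDIT_USER_AUTH
        result["request_text"] = payload.rstrip(b"\0").decode("ascii", "replace")
    return result


if __name__ == "__main__":
    for label, sample in (("octal", OCTAL_REPLY), ("hex", HEX_REPLY_HEAD)):
        print(label, decode_nlmsgerr(unescape_strace(sample)))
```

Both captures decode to error -1 (EPERM) for a type 1100 request, which is the value read from the strace log in comment 22.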

------------------------------------------------------------------------
On 2013-03-04T13:37:49+00:00 Mvyskocil-l wrote:


> Is there anything informative in the kernel or audit logs?   Otherwise can you
> give me a quick tutorial on how to set up to reproduce as I'll have to debug the
> library.

Hi, I don't see anything useful in system log

2013-03-04T14:27:45.535028+01:00 linux-xtv2 systemd[1]: Started Vsftpd ftp daemon.
2013-03-04T14:28:01.953454+01:00 linux-xtv2 vsftpd[1]: PAM audit_log_acct_message() failed: Operation not permitted
2013-03-04T14:28:01.954845+01:00 linux-xtv2 vsftpd[1]: [test] FAIL LOGIN: Client "127.0.0.1"
2013-03-04T14:28:14.316061+01:00 linux-xtv2 systemd[1]: Started Vsftpd ftp daemon.
2013-03-04T14:28:39.682743+01:00 linux-xtv2 vsftpd[1]: PAM audit_log_acct_message() failed: Operation not permitted
2013-03-04T14:28:39.684083+01:00 linux-xtv2 vsftpd[1]: [test] FAIL LOGIN: Client "127.0.0.1"

and dmesg seems to be full of wlan0 related things only.

Steps to reproduce
1.) install 12.3 RC2
2.) zypper install vsftpd
3.) useradd test
4.) echo "test" | passwd test
5.) systemctl start vsftpd.service
6.) ftp ftp://test:test@localhost

BTW: you might get an OOPS: priv_sock_get_cmd, in this case please add

Workaround: add seccomp_sandbox=NO to vsftpd.conf

It has been fixed, I am just not sure if it appears in RC2

Reply at:
https://bugs.launchpad.net/ubuntu/+source/vsftpd/+bug/1160372/comments/24

------------------------------------------------------------------------
On 2013-03-06T19:00:18+00:00 Bwiedemann wrote:

This is an autogenerated message for OBS integration:
This bug (786024) was mentioned in
https://build.opensuse.org/request/show/157548 Factory / vsftpd

Reply at:
https://bugs.launchpad.net/ubuntu/+source/vsftpd/+bug/1160372/comments/25

------------------------------------------------------------------------
On 2013-03-06T22:29:02+00:00 Tonyj-2 wrote:

(In reply to comment #24)
> Steps to reproduce
> 1.) install 12.3 RC2
> 2.) zypper install vsftpd
> 3.) useradd test
> 4.) echo "test" | passwd test
> 5.) systemctl start vsftpd.service
> 6.) ftp ftp://test:test@localhost
> 
> BTW: you might get an OOPS: priv_sock_get_cmd, in this case please add
>
> Workaround: add seccomp_sandbox=NO to vsftpd.conf
>
> It has been fixed, I am just not sure if it appears in RC2

Thanks, I can reproduce,  but I don't have an answer yet.

It's odd as
- 'auditctl -m' is working fine,   this calls audit_send_user_message() and succeeds.
- su succeeds, here PAM is calling audit_log_acct_message() which is calling audit_send_user_message()

su:
in audit_log_acct_message audit_fd=3, type=1104, pgname='(null)', op='PAM:setcred', name='root', id=4294967295, host='(null)', addr='(null)', tty='pts/3', result=1
return is 6

vsftp:
in audit_log_acct_message audit_fd=4, type=1100, pgname='(null)', op='PAM:authentication', name='test', id=4294967295, host='127.0.0.1', addr='(null)', tty='ftp', result=1
return is -1

Reply at:
https://bugs.launchpad.net/ubuntu/+source/vsftpd/+bug/1160372/comments/26

------------------------------------------------------------------------
On 2013-03-20T09:43:01+00:00 Mvyskocil-l wrote:

*** Bug 809858 has been marked as a duplicate of this bug. ***

Reply at:
https://bugs.launchpad.net/ubuntu/+source/vsftpd/+bug/1160372/comments/27

------------------------------------------------------------------------
On 2013-03-20T09:46:00+00:00 Mvyskocil-l wrote:

@tonyj: would you say the audit=0 on a commandline can work-around it?

Reply at:
https://bugs.launchpad.net/ubuntu/+source/vsftpd/+bug/1160372/comments/28

------------------------------------------------------------------------
On 2013-03-27T18:45:23+00:00 Cristian Rodríguez wrote:

*** Bug 811324 has been marked as a duplicate of this bug. ***

Reply at:
https://bugs.launchpad.net/ubuntu/+source/vsftpd/+bug/1160372/comments/30

------------------------------------------------------------------------
On 2013-03-27T20:15:36+00:00 Cjgunzel wrote:

When attempting to start vsftpd in system services of YaST a message is
returned that network-remotefs service is required.  It appears vsftpd
is started because port 21 is open from a remote machine but it is not
possible to connect to the server.

A Linux server with no working FTP server is a real black eye!

Reply at:
https://bugs.launchpad.net/ubuntu/+source/vsftpd/+bug/1160372/comments/37

------------------------------------------------------------------------
On 2013-03-27T20:18:03+00:00 Cjgunzel wrote:

P.S.  I'm using 12.3 released version, 64 bit.  This is no longer a
development version issue.

Reply at:
https://bugs.launchpad.net/ubuntu/+source/vsftpd/+bug/1160372/comments/38

------------------------------------------------------------------------
On 2013-03-27T20:23:37+00:00 Johanp wrote:

(In reply to comment #30)
 
> A Linux server with no working FTP server is a real black eye!

Until this is fixed an easy workaround for this "black-eye" is to use
pure-ftpd instead which works just fine and is functionally equivalent in
(almost) all practical senses to vsftpd

Reply at:
https://bugs.launchpad.net/ubuntu/+source/vsftpd/+bug/1160372/comments/39

------------------------------------------------------------------------
On 2013-03-28T09:20:46+00:00 Mvyskocil-l wrote:

changed summary to match the current problem

Reply at:
https://bugs.launchpad.net/ubuntu/+source/vsftpd/+bug/1160372/comments/40

------------------------------------------------------------------------
On 2013-03-28T11:04:41+00:00 Itheodoridis wrote:

I am facing the same problem with OpenSuSE 12.3 64bit, network install.
Pure-ftpd is reported (OpenSuSE forums) to work only if pam authentication is disabled (and local authentication enabled) in the pure-ftpd configuration.

Reply at:
https://bugs.launchpad.net/ubuntu/+source/vsftpd/+bug/1160372/comments/41

------------------------------------------------------------------------
On 2013-03-28T14:35:33+00:00 Johanp wrote:

(In reply to comment #35)
> Pure-ftpd is reported (OpenSuSE forums) to work only if pam authentication is
> disabled (and local authentication enabled) in the pure-ftpd configuration.

Strange, I'm using pure-ftpd (SuSE 12.3) with configuration

PAMAuthentication yes

and this works just fine (but vsftpd does not).

Reply at:
https://bugs.launchpad.net/ubuntu/+source/vsftpd/+bug/1160372/comments/42

------------------------------------------------------------------------
On 2013-03-28T15:22:09+00:00 Itheodoridis wrote:

When I tried it personally, it refused to start. I will check one more
time and repost.

Reply at:
https://bugs.launchpad.net/ubuntu/+source/vsftpd/+bug/1160372/comments/43

------------------------------------------------------------------------
On 2013-03-29T04:56:45+00:00 Tonyj-2 wrote:

Ubuntu bug on this also:
https://bugs.launchpad.net/ubuntu/+source/vsftpd/+bug/1160372

The issue is occurring because it seems vsftp has changed its pid
namespace.

Probably from sysdeputil.c::vsf_sysutil_fork_isolate_failok() 
"syscall(__NR_clone, CLONE_NEWPID)" 

There is a specific prohibition in the kernel on this:

-----------------------------------------------------------------------------
commit 34e36d8ecbd958bc15f8e63deade1227de337eb1
Author: Eric W. Biederman <ebiederm at xmission.com>
Date:   Mon Sep 10 23:20:20 2012 -0700

    audit: Limit audit requests to processes in the initial pid and user namespaces.
    
    This allows the code to safely make the assumption that all of the
    uids gids and pids that need to be send in audit messages are in the
    initial namespaces.
    
    If someone cares we may lift this restriction someday but start with
    limiting access so at least the code is always correct.
-----------------------------------------------------------------------------

Regarding audit=0.  I imagine it would solve the issue, rather extreme.
Also if I boot with audit=0 then client side ftp fails with "500 OOPS:
priv_sock_get_cmd" (seccomp_sandbox=NO in /etc/vsftpd.conf).

Can you verify if the above vsftp codepath is indeed being executed and
see what happens if VSF_SYSDEP_HAVE_LINUX_CLONE is disabled.

Reply at:
https://bugs.launchpad.net/ubuntu/+source/vsftpd/+bug/1160372/comments/46

------------------------------------------------------------------------
On 2013-03-29T08:10:17+00:00 Mvyskocil-l wrote:

vsftpd calls CLONE_NEWPID on SUSE - it is visible in #comment11 (see
vsftpd[1]).

> Also if I boot with audit=0 then client side ftp fails with "500 OOPS:
> priv_sock_get_cmd" (seccomp_sandbox=NO in /etc/vsftpd.conf).

This does not make any sense to me. This bug is related to the enabled
seccomp sandbox, but it was fixed before the 12.3 release. I'll test that.

Reply at:
https://bugs.launchpad.net/ubuntu/+source/vsftpd/+bug/1160372/comments/47

------------------------------------------------------------------------
On 2013-03-29T08:46:06+00:00 Mvyskocil-l wrote:

> Can you verify if the above vsftp codepath is indeed being executed and see
> what happens if VSF_SYSDEP_HAVE_LINUX_CLONE is disabled.

With a traditional fork a PAM session can be opened, however the next test -
an attempt to download the file - dies on the seccomp sandbox. The same applies
for a clone w/o NEW_PID, where the audit error is different. I will track
this in another bug to not pollute this one with a third issue.

lowering a priority of this issue, patch is in
home:mvyskocil:branches:network/vsftpd

https://build.opensuse.org/project/show?project=home%3Amvyskocil%3Abranches%3Anetwork

https://build.opensuse.org/package/view_file?expand=1&file=vsftpd-drop-newpid-from-clone.patch&package=vsftpd&project=home%3Amvyskocil%3Abranches%3Anetwork

Reply at:
https://bugs.launchpad.net/ubuntu/+source/vsftpd/+bug/1160372/comments/48

------------------------------------------------------------------------
On 2013-03-29T11:23:41+00:00 Edu-rm-85 wrote:

Well, I have a question now.

Will the system be updated to run VSFTPD correctly or do I have to apply
the patch manually?

Reply at:
https://bugs.launchpad.net/ubuntu/+source/vsftpd/+bug/1160372/comments/49

------------------------------------------------------------------------
On 2013-03-29T11:49:19+00:00 Mvyskocil-l wrote:

(In reply to comment #41)
> Well, I have a question now.
> 
> Will the system be updated to run VSFTPD correctly or do I have to apply the patch
> manually?

There will be a maintenance update once all issues are resolved.

Reply at:
https://bugs.launchpad.net/ubuntu/+source/vsftpd/+bug/1160372/comments/50

------------------------------------------------------------------------
On 2013-04-04T11:00:08+00:00 Bwiedemann wrote:

This is an autogenerated message for OBS integration:
This bug (786024) was mentioned in
https://build.opensuse.org/request/show/162591 Factory / vsftpd

Reply at:
https://bugs.launchpad.net/ubuntu/+source/vsftpd/+bug/1160372/comments/52

------------------------------------------------------------------------
On 2013-04-04T12:00:08+00:00 Bwiedemann wrote:

This is an autogenerated message for OBS integration:
This bug (786024) was mentioned in
https://build.opensuse.org/request/show/162608 Maintenance /

Reply at:
https://bugs.launchpad.net/ubuntu/+source/vsftpd/+bug/1160372/comments/53

------------------------------------------------------------------------
On 2013-04-04T12:02:46+00:00 Mvyskocil-l wrote:

Sent an update to 12.3 via 162608

@maintenance, please open a new maintenance incident

Reply at:
https://bugs.launchpad.net/ubuntu/+source/vsftpd/+bug/1160372/comments/54

------------------------------------------------------------------------
On 2013-04-08T14:54:42+00:00 Meissner-i wrote:

accepted

Reply at:
https://bugs.launchpad.net/ubuntu/+source/vsftpd/+bug/1160372/comments/55

------------------------------------------------------------------------
On 2013-04-12T16:25:00+00:00 Tzotsos wrote:

Hi all,

I see that the update is accepted but not yet released.
Is there an ETA on the update?
Perhaps a testing repo for the update to see if it works?

Cheers,
Angelos

Reply at:
https://bugs.launchpad.net/ubuntu/+source/vsftpd/+bug/1160372/comments/56

------------------------------------------------------------------------
On 2013-04-12T18:14:59+00:00 Meissner-i wrote:

http://download.opensuse.org/update/12.3-test/

Reply at:
https://bugs.launchpad.net/ubuntu/+source/vsftpd/+bug/1160372/comments/57

------------------------------------------------------------------------
On 2013-04-12T18:26:28+00:00 Tzotsos wrote:

Thanks Markus,

I installed the test-update repository and vsftp from there.
I get the following error:

ftp ftp://test:test@localhost
Trying ::1...
ftp: connect to address ::1: Connection refused
Trying 127.0.0.1...
Connected to localhost.
220 Welcome message
331 Please specify the password.
500 OOPS: vsftpd: refusing to run with writable root inside chroot()
ftp: Login failed.
ftp: Can't connect or login to host `localhost'
500 OOPS: priv_sock_get_cmd

Any ideas?

Reply at:
https://bugs.launchpad.net/ubuntu/+source/vsftpd/+bug/1160372/comments/58

------------------------------------------------------------------------
On 2013-04-12T19:11:44+00:00 Tzotsos wrote:

Update:

I flushed everything from my server, even the yast-ftp module.
Then I installed vsftp from test-update and it works.

Now I am having an issue with Extended Passive Mode that seems to be
enabled by default.

I reinstalled yast-ftp module and I get the 500 error as above.

Reply at:
https://bugs.launchpad.net/ubuntu/+source/vsftpd/+bug/1160372/comments/59

------------------------------------------------------------------------
On 2013-04-12T19:54:03+00:00 Tzotsos wrote:

Update2:

I flushed everything again but did not manage to get it working again.
The log message when I run "service vsftpd status" shows login success, but the client reports error 500 and closes connection.

Reply at:
https://bugs.launchpad.net/ubuntu/+source/vsftpd/+bug/1160372/comments/61

------------------------------------------------------------------------
On 2013-04-12T20:41:50+00:00 Tzotsos wrote:

(In reply to comment #37)
> When I tried it personally, it refused to start. I will check one more time and
> repost.

Hi Ioannis,

Any updates on that? Did you manage to make it work with pure-ftp?
I am having the same problem: pure-ftp refuses to start. I upgraded from 12.2. Did you upgrade too or was it a clean install?

Reply at:
https://bugs.launchpad.net/ubuntu/+source/vsftpd/+bug/1160372/comments/62

------------------------------------------------------------------------
On 2013-04-15T05:56:21+00:00 Itheodoridis wrote:

(In reply to comment #52)
> (In reply to comment #37)
> > When I tried it personally, it refused to start. I will check one more time and
> > repost.
> 
> Hi Ioannis,
> 
> Any updates on that? Did you manage to make it work with pure-ftp?
> I am having the same problem: pure-ftp refuses to start. I upgraded from 12.2.
> Did you upgrade too or was it a clean install?

Hello Angelos :)
Yes I tried again, it needs to start through xinetd or it will not start on its own (standalone). I can't say I like it, but I will live until we get the official update for vsftpd through official repos, which I am waiting for very patiently...
Let's hope it doesn't take forever..
Guys the limitations of open source are showing in this case.. I know it's unfair, but the reaction I am getting in my enterprise is surprise and disappointment. We are definitely not winning over any business people like that.
Personally, I am keeping a low profile till this is resolved.

Reply at:
https://bugs.launchpad.net/ubuntu/+source/vsftpd/+bug/1160372/comments/63

------------------------------------------------------------------------
On 2013-04-15T08:04:50+00:00 Swamp-a wrote:

openSUSE-RU-2013:0677-1: An update that has two recommended fixes can
now be installed.

Category: recommended (moderate)
Bug References: 786024,812406
CVE References: 
Sources used:
openSUSE 12.3 (src):    vsftpd-3.0.2-4.5.1

Reply at:
https://bugs.launchpad.net/ubuntu/+source/vsftpd/+bug/1160372/comments/64

------------------------------------------------------------------------
On 2013-04-15T10:03:35+00:00 Tzotsos wrote:

Unfortunately the update did not work for me.
I still get the "500 OOPS: priv_sock_get_cmd" error.
Disabling seccomp sandbox is not working for me either...

Reply at:
https://bugs.launchpad.net/ubuntu/+source/vsftpd/+bug/1160372/comments/65

------------------------------------------------------------------------
On 2013-04-18T08:54:21+00:00 Mvyskocil-l wrote:

(In reply to comment #55)
> Unfortunately the update did not work for me.
> I still get the "500 OOPS: priv_sock_get_cmd" error.
> Disabling seccomp sandbox is not working for me either...

Well, without any more information I cannot help you much.
Would you be so kind as to open a new bug?

I would need you to explain

what you are trying to do - do you see that with (non)-anonymous download?
What does your vsftpd.conf look like? Does grep 'vsftpd' /var/log/messages
say anything useful?

BTW: the output of strace -tt -s 512 of the vsftpd daemon.

Reply at:
https://bugs.launchpad.net/ubuntu/+source/vsftpd/+bug/1160372/comments/67

------------------------------------------------------------------------
On 2013-04-18T09:49:34+00:00 Tzotsos wrote:

Created an attachment (id=535776)
configuration file that fails

Reply at:
https://bugs.launchpad.net/ubuntu/+source/vsftpd/+bug/1160372/comments/68

------------------------------------------------------------------------
On 2013-04-18T09:49:50+00:00 Tzotsos wrote:

Hi Michal,

Thanks for the reply. I have switched to sftp to bypass this issue.
Here is the info you asked:

# ftp ftp://ueser:*****.@localhost
Trying ::1...
ftp: connect to address ::1: Connection refused
Trying 127.0.0.1...
Connected to localhost.
220 Welcome message
331 Please specify the password.
500 OOPS: vsftpd: refusing to run with writable root inside chroot()
ftp: Login failed.
ftp: Can't connect or login to host `localhost'
500 OOPS: priv_sock_get_cmd

# grep 'vsftpd' /var/log/messages
Apr 18 12:38:49 aiolos xinetd[23286]: Reading included configuration file: /etc/xinetd.d/vsftpd [file=/etc/xinetd.d/vsftpd] [line=90]
Apr 18 12:39:03 aiolos xinetd[23660]: Reading included configuration file: /etc/xinetd.d/vsftpd [file=/etc/xinetd.d/vsftpd] [line=90]

Thanks,
Angelos

Reply at:
https://bugs.launchpad.net/ubuntu/+source/vsftpd/+bug/1160372/comments/69

------------------------------------------------------------------------
On 2013-04-18T09:52:53+00:00 Tzotsos wrote:

And the strace:

# strace -p 23677 -tt -s 512
Process 23677 attached
12:51:03.048164 accept(3, {sa_family=AF_INET, sin_port=htons(46433), sin_addr=inet_addr("109.242.165.239")}, [16]) = 4
12:51:12.678545 clone(child_stack=0, flags=CLONE_NEWIPC|SIGCHLD) = 23929
12:51:12.678783 close(4)                = 0
12:51:12.678855 accept(3, 0x7fffba89a3a0, [28]) = ? ERESTARTSYS (To be restarted if SA_RESTART is set)
12:51:16.044845 --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=23929, si_status=2, si_utime=0, si_stime=0} ---
12:51:16.044914 alarm(1)                = 0
12:51:16.044968 rt_sigreturn()          = -1 EINTR (Interrupted system call)
12:51:16.045047 alarm(0)                = 1
12:51:16.045095 wait4(-1, NULL, WNOHANG, NULL) = 23929
12:51:16.045173 wait4(-1, NULL, WNOHANG, NULL) = -1 ECHILD (No child processes)
12:51:16.045224 accept(3, {sa_family=AF_INET, sin_port=htons(46434), sin_addr=inet_addr("109.242.165.239")}, [16]) = 4
12:51:16.083371 clone(child_stack=0, flags=CLONE_NEWIPC|SIGCHLD) = 23936
12:51:16.083620 close(4)                = 0
12:51:16.083690 accept(3, 0x7fffba89a3a0, [28]) = ? ERESTARTSYS (To be restarted if SA_RESTART is set)
12:51:25.264770 --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=23936, si_status=2, si_utime=0, si_stime=0} ---
12:51:25.264834 alarm(1)                = 0
12:51:25.264882 rt_sigreturn()          = -1 EINTR (Interrupted system call)
12:51:25.264936 alarm(0)                = 1
12:51:25.264977 wait4(-1, NULL, WNOHANG, NULL) = 23936
12:51:25.265053 wait4(-1, NULL, WNOHANG, NULL) = -1 ECHILD (No child processes)
12:51:25.265099 accept(3, {sa_family=AF_INET, sin_port=htons(46437), sin_addr=inet_addr("109.242.165.239")}, [16]) = 4
12:51:25.302455 clone(child_stack=0, flags=CLONE_NEWIPC|SIGCHLD) = 23941
12:51:25.302684 close(4)                = 0
12:51:25.302754 accept(3, ^CProcess 23677 detached
 <detached ...>

Reply at:
https://bugs.launchpad.net/ubuntu/+source/vsftpd/+bug/1160372/comments/70

------------------------------------------------------------------------
On 2013-04-18T09:59:24+00:00 Suse+build wrote:

(In reply to comment #58)
> Hi Michal,
> 
> Thanks for the reply. I have switched to sftp to bypass this issue.
> Here is the info you asked:
> 
> # ftp ftp://ueser:*****.@localhost
> Trying ::1...
> ftp: connect to address ::1: Connection refused
> Trying 127.0.0.1...
> Connected to localhost.
> 220 Welcome message
> 331 Please specify the password.
> 500 OOPS: vsftpd: refusing to run with writable root inside chroot()
> ftp: Login failed.
> ftp: Can't connect or login to host `localhost'
> 500 OOPS: priv_sock_get_cmd

Add

    allow_writeable_chroot=YES

to the bottom of your /etc/vsftpd.conf file.

Reply at:
https://bugs.launchpad.net/ubuntu/+source/vsftpd/+bug/1160372/comments/71

------------------------------------------------------------------------
On 2013-04-18T10:07:41+00:00 Tzotsos wrote:

Thanks, it is working locally now. 
I still cannot access from remote location (error while changing to /home/user)

Looking into it.

Thanks,
Angelos

Reply at:
https://bugs.launchpad.net/ubuntu/+source/vsftpd/+bug/1160372/comments/72

------------------------------------------------------------------------
On 2013-04-18T13:38:01+00:00 Cjgunzel wrote:

My story:

I've done several installs of 12.3.  My latest, I tried when installed
to start vsftpd from YaST.  It would not start, as usual, with the
message that for run levels 3, 5, network-remotefs had to be installed
(we all know by now there is no run level 3 or 5 with systemd  ??) I
tried again a couple of days ago...same thing.  I keep installing all
the updates so decided last night to attempt to start vsftpd again from
YaST only to discover it was running!  I was able to connect from
another machine!  I don't know which fix did it but it seems to have
healed itself in some of the updates that have been released.

Many thanks to the team working on this (and other) issues.  If we get
these basic things working 12.3 has potential to be the best since 11.4.
KDE4.10.2 is VERY nice!  Awesome!

Reply at:
https://bugs.launchpad.net/ubuntu/+source/vsftpd/+bug/1160372/comments/73

------------------------------------------------------------------------
On 2013-06-06T06:06:09+00:00 moenchmeyer wrote:

Hi, I am using Opensuse 12.3 64 Bit. Freshly installed and updated to the
latest packages from the update repository.

In my opinion the problems regarding the present version 3.0.2-4.5.1 of
vsftp are far from resolved. As other related bugs such as

https://bugzilla.novell.com/show_bug.cgi?id=806758

were marked as duplicates of this one, I post my findings here.

Bug 1 
******
I still need 
seccomp_sandbox=NO
to connect, when TLS is enabled. With this option set to NO everything works as expected. 

However, if seccomp_sandbox=YES I get the following messages in
Filezilla when trying to connect from a remote system which also runs
under OS 12.3:


Status:	TLS/SSL-Verbindung hergestellt.
Antwort:	331 Please specify the password.
Befehl:	PASS *******
Antwort:	230 Login successful.
Befehl:	SYST
Antwort:	215 UNIX Type: L8
Befehl:	FEAT
Antwort:	211-Features:
Antwort:	 AUTH TLS
Antwort:	 EPRT
Antwort:	 EPSV
Antwort:	 MDTM
Antwort:	 PASV
Antwort:	 PBSZ
Antwort:	 PROT
Antwort:	 REST STREAM
Antwort:	 SIZE
Antwort:	 TVFS
Antwort:	 UTF8
Antwort:	211 End
Befehl:	OPTS UTF8 ON
Antwort:	200 Always in UTF8 mode.
Befehl:	PBSZ 0
Antwort:	200 PBSZ set to 0.
Befehl:	PROT P
Antwort:	200 PROT now Private.
Status:	Verbunden
Status:	Empfange Verzeichnisinhalt...
Befehl:	CWD /
Antwort:	250 Directory successfully changed.
Befehl:	PWD
Antwort:	257 "/"
Befehl:	TYPE I
Antwort:	200 Switching to Binary mode.
Befehl:	PASV
Fehler:	GnuTLS error -15: Ein unerwartetes TLS-Paket wurde empfangen.
Fehler:	Verbindung zum Server getrennt: ECONNABORTED - Connection aborted
Fehler:	Verzeichnisinhalt konnte nicht empfangen werden

Bug 2 (maybe related) 
******
2) Even with "seccomp_sandbox=NO", but switching to 

syslog_enable=YES

I get the following message in filezilla:

Status:	Connecting to 192.168.0.37:21...
Status:	Connection established, waiting for welcome message...
Response:	500 OOPS: priv_sock_get_cmd
Error:	Critical error
Error:	Could not connect to server

Bug 3: 
******
From some OS 12.3 remote systems I cannot connect in case the following option is not set to NO: 

require_ssl_reuse=NO

So all in all vsftp still shows major deficiencies on Opensuse 12.3
which were not present in OS 12.2.

Any ideas what I could do ?

Reply at:
https://bugs.launchpad.net/ubuntu/+source/vsftpd/+bug/1160372/comments/113
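
The workarounds quoted in this thread (seccomp_sandbox=NO, allow_writeable_chroot=YES, require_ssl_reuse=NO) each switch off a vsftpd protection, so they are worth tracking until the packaged fix makes them unnecessary. The following check is an added example, not part of the original thread or of vsftpd; the hardened values, the last-line-wins rule and the sample configuration are assumptions made for illustration.

```python
TRUE, FALSE = {"YES", "TRUE", "1"}, {"NO", "FALSE", "0"}

# option -> (hardened value, effect of the relaxed value). The hardened values
# are assumed to match the vsftpd 3.x defaults; verify against your version.
HARDENED = {
    "seccomp_sandbox": (True, "seccomp syscall filter disabled"),
    "allow_writeable_chroot": (False, "chroot() into a writable root permitted"),
    "require_ssl_reuse": (True, "data connection need not reuse the TLS session"),
}


def as_bool(value):
    """Map a vsftpd boolean string to True/False, or None if unrecognised."""
    v = value.strip().upper()
    return True if v in TRUE else False if v in FALSE else None


def parse_conf(text):
    """Return {option: (value, line_no)}; assumes a later line overrides an earlier one."""
    settings = {}
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        settings[key.strip()] = (value.strip(), line_no)
    return settings


def audit(text):
    """Return sorted (line_no, option, value, effect) for each relaxed setting."""
    settings = parse_conf(text)
    findings = []
    for option, (hardened, effect) in HARDENED.items():
        value, line_no = settings.get(option, ("", 0))
        if as_bool(value) is (not hardened):
            findings.append((line_no, option, value, effect))
    return sorted(findings)


# Constructed sample combining the workarounds quoted in the thread.
SAMPLE_CONF = """\
# constructed example, not a real server's configuration
ssl_enable=YES
seccomp_sandbox=YES
chroot_local_user=YES
allow_writeable_chroot=YES
require_ssl_reuse=NO
seccomp_sandbox=NO
"""

if __name__ == "__main__":
    for line_no, option, value, effect in audit(SAMPLE_CONF):
        print(f"line {line_no}: {option}={value}: {effect}")
```

Run against /etc/vsftpd.conf by passing the file's contents to audit(); an empty result means none of the three relaxations is present.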

------------------------------------------------------------------------
On 2013-06-06T08:07:45+00:00 moenchmeyer wrote:

(In reply to comment #63)
> From some OS 12.3 remote systems I cannot connect in case the following option
> is not set to NO: 
> 
> require_ssl_reuse=NO
> 

I have seen that the OS 12.3-systems for which the setting "require_ssl_reuse=NO" 
is required all had the original Filezilla version 3.5.3 from the OS 12.3 OSS repository installed. 

After installing Filezilla version 3.7.0.1 from the network repository

http://download.opensuse.org/repositories/network/openSUSE_12.3/

this problem, which is obviously client related, disappears and the setting 
require_ssl_reuse=YES 
works.   

The other problems described in comment #63, however, remain.

Reply at:
https://bugs.launchpad.net/ubuntu/+source/vsftpd/+bug/1160372/comments/114

------------------------------------------------------------------------
On 2013-07-10T15:48:36+00:00 Abonilla wrote:

Guys, a fresh install of the vsftp will still show this problem; we had
to use the workaround provided. If a configuration setting has changed,
i.e. "require_ssl_reuse=NO", then we need to push this line to the default
config file...!

Reply at:
https://bugs.launchpad.net/ubuntu/+source/vsftpd/+bug/1160372/comments/115


** Changed in: opensuse
       Status: Unknown => Fix Released

** Changed in: opensuse
   Importance: Unknown => High

** Bug watch added: Novell/SUSE Bugzilla #806758
   https://bugzilla.novell.com/show_bug.cgi?id=806758
