FS#62889 - [vsftpd] Bug in seccomp sandbox

Attached to Project: Community Packages
Opened by Paul Schaefer (schaeferpp) - Thursday, 13 June 2019, 13:35 GMT
Last edited by Levente Polyak (anthraxx) - Thursday, 04 July 2019, 22:57 GMT
Task Type Bug Report
Category Upstream Bugs
Status Closed
Assigned To Levente Polyak (anthraxx)
Architecture All
Severity High
Priority Normal
Reported Version
Due in Version Undecided
Due Date Undecided
Percent Complete 0%
Votes 1
Private No

Details

Description:

The seccomp sandbox feature of vsftpd prevents FTP users from getting a directory listing. In the default setting, a new process is created for each FTP connection, and it dies from the signal SIGSYS when trying to do a directory listing.

The seccomp_sandbox option of vsftpd is active in the default configuration; when it is disabled (setting seccomp_sandbox=NO in /etc/vsftpd.conf), the directory listing works as intended.

This presumably is a bug in vsftpd because it allows the execution of the getdents syscall, but not the getdents64 syscall, which is used at least on my two Arch Linux machines.

This problem can be fixed by patching vsftpd.

Applying the following patch in vsftpd fixes the bug.

--- seccompsandbox.c 2019-06-13 15:08:59.290349197 +0200
+++ seccompsandbox.c.orig 2019-06-13 15:30:04.614378983 +0200
@@ -409,7 +409,6 @@
allow_nr(__NR_getcwd);
allow_nr(__NR_chdir);
allow_nr(__NR_getdents);
- allow_nr(__NR_getdents64);
/* Misc */
allow_nr(__NR_umask);
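Review bot: the diff direction is inverted. The `---` header names seccompsandbox.c and the `+++` header names seccompsandbox.c.orig, so this hunk removes `allow_nr(__NR_getdents64);` after `allow_nr(__NR_getdents);` instead of adding it, and applying it as written would leave the allow list without getdents64. Regenerate it with the original file as the first argument (diff -u seccompsandbox.c.orig seccompsandbox.c) so the line appears as an addition.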

Unfortunately, I did not find a way to propose this patch for upstream.

Additional info:
* glibc in version 2.29
* vsftpd in version 3.0.3-4

Steps to reproduce:
1. Install vsftpd
2. strace -f vsftpd
3. use `ftp` tool to connect to localhost, user "anonymous", password empty
4. execute `ls` in the interactive ftp client
5. observe strace's output

Closed by  Levente Polyak (anthraxx)
Thursday, 04 July 2019, 22:57 GMT
Reason for closing:  Fixed
Additional comments about closing:  3.0.3-6
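For step 5 of the reproduction ("observe strace's output"), the following is an added example, not part of the original report or of vsftpd: a small parser that reads `strace -f` style output and reports which syscall each process last entered before it was killed by SIGSYS. The sample trace, the PIDs and the function name `find_seccomp_kills` are constructed for illustration.

```python
import re

# Constructed sample in the style of `strace -f` output; not captured from a real run.
SAMPLE = """\
[pid  4240] read(0,  <unfinished ...>
[pid  4242] chdir("/") = 0
[pid  4242] getdents64(3,  <unfinished ...>
[pid  4242] <... getdents64 resumed>) = ?
[pid  4242] +++ killed by SIGSYS +++
[pid  4240] <... read resumed>"", 1) = 0
[pid  4240] +++ exited with 0 +++
"""

PID = re.compile(r"^\[pid\s+(\d+)\]\s+(.*)$")       # "[pid N] ..." prefix added by -f
CALL = re.compile(r"^(\w+)\(")                      # start of a syscall line
RESUMED = re.compile(r"^<\.\.\. (\w+) resumed>")    # continuation of an interrupted line
KILLED = re.compile(r"^\+\+\+ killed by SIGSYS\b")  # process terminated by SIGSYS


def find_seccomp_kills(trace):
    """Return [(pid, last_syscall)] for every process killed by SIGSYS.

    pid is None for lines without a "[pid N]" prefix. The last syscall seen
    for a pid is the likely candidate missing from the seccomp allow list.
    """
    last_call = {}
    kills = []
    for line in trace.splitlines():
        m = PID.match(line)
        pid, rest = (int(m.group(1)), m.group(2)) if m else (None, line.strip())
        call = CALL.match(rest) or RESUMED.match(rest)
        if call:
            last_call[pid] = call.group(1)
        elif KILLED.match(rest):
            kills.append((pid, last_call.get(pid)))
    return kills


if __name__ == "__main__":
    for pid, syscall in find_seccomp_kills(SAMPLE):
        print(f"pid {pid}: killed by SIGSYS, last syscall seen: {syscall}")
```
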
Comment by Paul Schaefer (schaeferpp) - Thursday, 13 June 2019, 14:29 GMT
Sorry, did the diff in the wrong order.

The correct patch is as follows.

--- seccompsandbox.c.orig 2019-06-13 15:30:04.614378983 +0200
+++ seccompsandbox.c 2019-06-13 15:08:59.290349197 +0200
@@ -409,6 +409,7 @@
allow_nr(__NR_getcwd);
allow_nr(__NR_chdir);
allow_nr(__NR_getdents);
+ allow_nr(__NR_getdents64);
/* Misc */
allow_nr(__NR_umask);
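Review bot: the added `allow_nr(__NR_getdents64);` after `allow_nr(__NR_getdents);` has no comment explaining why both directory-read syscalls are allowed. A one-line comment noting that the directory listing path issues getdents64 would keep a later cleanup of the allow list from dropping it again. The file headers also use the bare name seccompsandbox.c with no directory component, so the patch only applies from inside the source directory; generating it from the tree root would make it easier to carry in a package build.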
