[Bug 1065714] [NEW] vsftpd 2.3.5 needs allow_writeable_chroot option
Matthew Caron
matt at mattcaron.net
Thu Oct 11 20:41:16 UTC 2012
Public bug reported:
vsftpd 2.3.5 adds additional security checks which complain when the
root directory inside a chroot is writeable. While this is a legitimate
concern, it has been an issue with chrooted systems since they began,
and many installations knowingly balance that issue with convenience.
As such, the internet at large is in rebellion against this version of
vsftpd - just search for "vsftpd: refusing to run with writable root
inside chroot()", and the result are a pile of workarounds, from
"compile your own" to "install the package from an earlier version of
Ubuntu". These are suboptimal solutions in that it becomes too easy to
forget that you manually installed some things and old and unpatched
versions proliferate. When a release such as 12.04 has a 5 year support
cycle, this is a recipe for disaster.
The vsftpd maintainers have added an "allow_writeable_chroot" option in
later versions which bypasses this offending check. (I know it is in
3.0.0 at least). Either upgrading vsftpd in 12.04 to 3.0.0 or
backporting this to 2.3.5 would be acceptable solutions - the latter
likely being preferable.
** Affects: vsftpd (Ubuntu)
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to vsftpd in Ubuntu.
https://bugs.launchpad.net/bugs/1065714
Title:
vsftpd 2.3.5 needs allow_writeable_chroot option
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/vsftpd/+bug/1065714/+subscriptions
More information about the Ubuntu-server-bugs
mailing list