View Issue Details

IDProjectCategoryView StatusLast Update
0012747CentOS-7initscriptspublic2018-06-12 20:01
Reportersur_kg 
PrioritynormalSeveritymajorReproducibilityalways
Status newResolutionopen 
Product Version 
Target VersionFixed in Version 
Summary0012747: chrooted vsftpd child processes are not killed by "service vsftpd stop"
DescriptionAfter a client connects to vsftpd it spawns 2 child processes. One of these processes (that owns control connection) chroots to secure_chroot_dir from vsftpd.conf (/usr/share/empty by default) and another one may chroot to /var/ftp or to user's home dir (depending on vsftpd.conf).

If we try to stop vsftpd when client is connected, then chrooted childs of vsftpd are not killed, because they are not selected by __pids_pidof() function from /etc/rc.d/init.d/functions
Steps To Reproduce1. Install and start vsftpd
2. Connect to it as anonymous user
3. Issue command 'service vsftpd stop'
4. Child processes are not killed. Client is still connected and can continue normal work!
Additional InformationBrute force fix (copy-paste from /etc/rc.d/init.d/functions with few modifications) is in my copy of /etc/rc.d/init.d/vsftpd (see stop() function) which I attach to this ticket
TagsNo tags attached.
abrt_hash
URL

Activities

sur_kg

sur_kg

2017-01-29 19:38

reporter  

vsftpd (3,181 bytes)
#!/bin/bash
#
### BEGIN INIT INFO
# Provides: vsftpd
# Required-Start: $local_fs $network $named $remote_fs $syslog
# Required-Stop: $local_fs $network $named $remote_fs $syslog
# Short-Description: Very Secure Ftp Daemon
# Description: vsftpd is a Very Secure FTP daemon. It was written completely from
#              scratch
### END INIT INFO

# vsftpd      This shell script takes care of starting and stopping
#             standalone vsftpd.
#
# chkconfig: - 60 50
# description: Vsftpd is a ftp daemon, which is the program \
#              that answers incoming ftp service requests.
# processname: vsftpd
# config: /etc/vsftpd/vsftpd.conf

# Source function library.
. /etc/rc.d/init.d/functions

# Source networking configuration.
. /etc/sysconfig/network

RETVAL=0
prog="vsftpd"

start() {
        # Start daemons.

	# Check that networking is up.
	[ ${NETWORKING} = "no" ] && exit 1

	[ -x /usr/sbin/vsftpd ] || exit 1

        if [ -d /etc/vsftpd ] ; then
                CONFS=`ls /etc/vsftpd/*.conf 2>/dev/null`
                [ -z $CONFS ] && exit 6
                for i in $CONFS; do
                        site=`basename $i .conf`
                        echo -n $"Starting $prog for $site: "
                        daemon /usr/sbin/vsftpd $i
                        RETVAL=$?
                        [ $RETVAL -eq 0 ] && touch /var/lock/subsys/$prog
                        echo
                done
        else
                RETVAL=1
        fi
        return $RETVAL
}

stop() {
        # Stop daemons.
        echo -n $"Shutting down $prog: "
        killproc $prog
        RETVAL=$?
        echo

        [ "$RETVAL" -ne 0 ] && return $RETVAL

        # Sur:
        # workaroud bug that chrooted instances are not killed
        # because they are ignored by __pid_pidof in init.d/functions
        pid=`pidof -m -o $$ -o $PPID -o %PPID vsftpd `
        if checkpid $pid 2>&1; then
            # TERM first, then KILL if not dead
            kill -TERM $pid >/dev/null 2>&1
                usleep 100000
            if checkpid $pid ; then
                try=0
                while [ $try -lt $delay ] ; do
                    checkpid $pid || break
                    sleep 1
                    let try+=1
                done
                if checkpid $pid ; then
                    kill -KILL $pid >/dev/null 2>&1
                    usleep 100000
                fi
            fi
        fi
        checkpid $pid
        RC=$?
        echo -n "Shutting down vsftpd child processes"
        [ "$RC" -eq 0 ] && failure || success
        RETVAL=$((! $RC))
        echo

        [ "$RETVAL" -eq 0 ] && rm -f /var/lock/subsys/$prog
        return $RETVAL
}

# See how we were called.
case "$1" in
  start)
        start
        ;;
  stop)
        stop
        ;;
  restart|reload)
        stop
        start
        RETVAL=$?
        ;;
  condrestart)
        if [ -f /var/lock/subsys/$prog ]; then
            stop
            start
            RETVAL=$?
        fi
        ;;
  status)
        status $prog
        RETVAL=$?
        ;;
  *)
        echo $"Usage: $0 {start|stop|restart|condrestart|status}"
        exit 1
esac

exit $RETVAL
vsftpd (3,181 bytes)
N3WWN

N3WWN

2018-06-12 20:01

reporter   ~0032072

Hi sur_kg!

I was able to replicate the bug that you have reported and have logged a bug with Red Hat: https://bugzilla.redhat.com/show_bug.cgi?id=1590541

Attached is a patch for the source RPM which redefines the __pids_pidof() function from /etc/rc.d/init.d/functions locally within SOURCES/vsftpd.init to catch chroot'd procs. This redefinition would work in any init script for processes which have chroot'd processes.

-Rich Alloway (Rogue Wave)

vsftpd-3.0.2-22_bugs.centos.org_12747.patch (2,140 bytes)
From b6c9e985be0a89c6e65d54667c33e2169d5452b1 Mon Sep 17 00:00:00 2001
From: Rich Alloway <richard.alloway@roguewave.com>
Date: Mon, 11 Jun 2018 17:03:13 -0400
Subject: [PATCH] Check in vsftpd.init which resolves issue reported in
 https://bugs.centos.org/view.php?id=12747 as well as wrapping the NETWORKING
 variable in quotes so as to not throw an error if it not initialized

---
 src/rpmbuild/SOURCES/vsftpd.init | 9 ++++++++-
 src/rpmbuild/SPECS/vsftpd.spec   | 5 ++++-
 2 files changed, 12 insertions(+), 2 deletions(-)

diff --git a/src/rpmbuild/SOURCES/vsftpd.init b/src/rpmbuild/SOURCES/vsftpd.init
index 91c23e9..998ca9a 100755
--- a/src/rpmbuild/SOURCES/vsftpd.init
+++ b/src/rpmbuild/SOURCES/vsftpd.init
@@ -24,6 +24,13 @@
 # Source networking configuration.
 . /etc/sysconfig/network
 
+# Redefine __pids_pidof() from /etc/rc.d/init.d/functions to catch chroot'd procs (no -c param)
+# Output PIDs of matching processes, found using pidof
+__pids_pidof() {
+	pidof -m -o $$ -o $PPID -o %PPID -x "$1" || \
+		pidof -m -o $$ -o $PPID -o %PPID -x "${1##*/}"
+}
+
 RETVAL=0
 prog="vsftpd"
 
@@ -31,7 +38,7 @@ start() {
         # Start daemons.
 
 	# Check that networking is up.
-	[ ${NETWORKING} = "no" ] && exit 1
+	[ "${NETWORKING}" = "no" ] && exit 1
 
 	[ -x /usr/sbin/vsftpd ] || exit 1
 
diff --git a/src/rpmbuild/SPECS/vsftpd.spec b/src/rpmbuild/SPECS/vsftpd.spec
index 5b0bdfe..63a33b6 100644
--- a/src/rpmbuild/SPECS/vsftpd.spec
+++ b/src/rpmbuild/SPECS/vsftpd.spec
@@ -3,7 +3,7 @@
 
 Name: vsftpd
 Version: 3.0.2
-Release: 22%{?dist}
+Release: 22_rw001%{?dist}
 Summary: Very Secure Ftp Daemon
 
 Group: System Environment/Daemons
@@ -202,6 +202,9 @@ rm -rf $RPM_BUILD_ROOT
 %{_sysconfdir}/rc.d/init.d/vsftpd
 
 %changelog
+* Wed Jun  6 2018 Rich Alloway <richard.alloway@roguewave.com> - 3.0.2-22_rw001
+- Resolves: https://bugs.centos.org/view.php?id=12747 - chrooted vsftpd child processes are not killed by "service vsftpd stop"
+
 * Thu Mar 23 2017 Zdenek Dohnal <zdohnal@redhat.com> - 3.0.2-22
 - Resolves: #1432054 - secure ftp stopped working with default TLS settings in the new vsftpd package
 
-- 
1.8.3.1

Issue History

Date Modified Username Field Change
2017-01-29 19:38 sur_kg New Issue
2017-01-29 19:38 sur_kg File Added: vsftpd
2018-06-12 20:01 N3WWN File Added: vsftpd-3.0.2-22_bugs.centos.org_12747.patch
2018-06-12 20:01 N3WWN Note Added: 0032072