
woes with proftpd and quotas


I'm running a strictly potato+security - box with proftpd on it.

So far, everything works fine, even chroot()ing users, using a special 
 password-file and such.

But as soon as I enable quotas proftpd stops working completely, it 
 grants login and commands as "passive" et al, but even a simple LIST 
 causes it to die immediately.

From the client side this looks like:

ftp> ls
200 PORT command successful.
421 Service not available, remote server has closed connection

If I run proftpd in full debug mode this is what I get (FQDNs and IPs 
 omitted to protect the guilty ;) ):
ka (dump[x.x.x.x]) - USER waldner: Login successful.
ka (dump[x.x.x.x]) - mysql: close [0] for mod_sqlpw/2.0
ka (dump[x.x.x.x]) - received: SYST
ka (dump[x.x.x.x]) - received: PORT x,x,x,x,8,131
ka (dump[x.x.x.x]) - received: LIST
ka (dump[x.x.x.x]) - ProFTPD terminating (signal 11)

The configuration seems to parse quite fine:
ka (dump[x.x.x.x]) - Config for ka.graffl.net:
ka (dump[x.x.x.x]) - Quotas
ka (dump[x.x.x.x]) - DefaultQuota
ka (dump[x.x.x.x]) - QuotaCalc
ka (dump[x.x.x.x]) - QuotaType
ka (dump[x.x.x.x]) - QuotaBlockSize
ka (dump[x.x.x.x]) - AuthUserFile
ka (dump[x.x.x.x]) - AuthGroupFile
ka (dump[x.x.x.x]) - RequireValidShell
ka (dump[x.x.x.x]) - User
ka (dump[x.x.x.x]) - UserName
ka (dump[x.x.x.x]) - Group
ka (dump[x.x.x.x]) - GroupName
ka (dump[x.x.x.x]) - DefaultRoot
ka (dump[x.x.x.x]) - AllowOverwrite
ka (dump[x.x.x.x]) - Umask
ka (dump[x.x.x.x]) - DenyFilter
ka (dump[x.x.x.x]) - PathDenyFilter
ka (dump[x.x.x.x]) - USER
ka (dump[x.x.x.x]) - CURRENT-CLIENTS

Also an strace on the child process doesn't reveal anything useful (to 
read(0, "LIST\r\n", 1022)               = 6
alarm(0)                                = 284
alarm(284)                              = 0
write(2, "ka (dump[6"..., 63) = 63
geteuid()                               = 1000
--- SIGSEGV (Segmentation fault) ---

So, has anyone any idea on what's happening? I can run w/o quotas for 
 some time but I don't really trust my users to behave...

/ Ing. Robert Waldner | Security Engineer |  CoreTec IT-Security  \
\   <rw@coretec.at>   | T +43 1 503 72 73 | F +43 1 503 72 73 x99 /
