Bug#735357: vsftpd: seccomp generates audit syslog messages

Tue, 14 Jan 2014 15:45:37 -0800 

Package: vsftpd
Version: 3.0.2-12
Severity: normal


Since 3.0, vsftpd includes seccomp support (which is also enabled by
default). Now whenever a user logs out (with the BYE command), the
intermediate process is killed with SIGSYS. This seems to upset seccomp
leading to such syslog messages (note that I use a custom, more verbose 
syslog line format):

2014-01-15 00:10:17.974 ded kernel[-] kern.notice:[107326.360333] type=1326 
audit(1389741017.936:1304): auid=0 uid=65534 gid=65534 ses=7 pid=20755 
comm="vsftpd" sig=31 syscall=37 compat=0 ip=0x7f692b9a4997 code=0x0

It looks like this in strace:

...
close(6)                                = 0
write(4, "\1", 1)                       = 1
read(4, "", 1)                          = 0
--- SIGCHLD (Child exited) @ 0 (0) ---
+++ killed by SIGSYS +++

Disabling seccomp by setting seccomp_sandbox=NO in the config makes this go
away, the strace then looks like that:

...
close(6)                                = 0
write(4, "\1", 1)                       = 1
read(4, "", 1)                          = 0
--- SIGCHLD (Child exited) @ 0 (0) ---
alarm(1)                                = 0
rt_sigreturn(0x1)                       = 0
alarm(0)                                = 1
wait4(-1, [{WIFEXITED(s) && WEXITSTATUS(s) == 0}], 0, NULL) = 21678
exit_group(0)                           = ?
Process 21674 detached

This all matches with the audit message: sig 31 is SIGSYS, syscall 37 is
alarm(), so could be an issue with the seccomp policy.


-- System Information:
Debian Release: jessie/sid
  APT prefers testing-updates
  APT policy: (500, 'testing-updates'), (500, 'testing'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 3.12-1-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages vsftpd depends on:
ii  adduser                3.113+nmu3
ii  debconf [debconf-2.0]  1.5.52
ii  init-system-helpers    1.14
ii  libc6                  2.17-97
ii  libcap2                1:2.22-1.2
ii  libpam-modules         1.1.3-9
ii  libpam0g               1.1.3-9
ii  libssl1.0.0            1.0.1f-1
ii  libwrap0               7.6.q-24
ii  netbase                5.2

Versions of packages vsftpd recommends:
ii  logrotate  3.8.6-1
ii  ssl-cert   1.0.33

vsftpd suggests no packages.

-- Configuration Files:
/etc/init.d/vsftpd changed [not included]
/etc/logrotate.d/vsftpd changed [not included]
/etc/pam.d/vsftpd changed [not included]
/etc/vsftpd.conf changed [not included]

-- debconf information excluded


-- 
To UNSUBSCRIBE, email to [email protected]
with a subject of "unsubscribe". Trouble? Contact [email protected]

Reply via email to