Package: vsftpd Version: 2.2.0-4 Severity: normal Tags: patch
The init.d script that comes with vsftpd aborts all processing unless listen=yes in the configuration file. As a result, if you do the following: 1. Start vsftpd in standalone mode 2. Comment out listen=yes, or change it to listen=no 3. Attempt to stop or restart the service by calling the init-script the script will exit cleanly, but the vsftpd process will still be running. There is no feedback provided to the administrator that the commands have been ignored. The attached patch moves the logic of the standalone check into a function to be called by the start/restart logic, and ensures that the administrator is given appropriate feedback if the script will not be started. -- System Information: Debian Release: squeeze/sid APT prefers testing APT policy: (990, 'testing'), (700, 'unstable'), (600, 'stable'), (550, 'experimental') Architecture: amd64 (x86_64) Kernel: Linux 2.6.31-1-amd64 (SMP w/8 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages vsftpd depends on: ii adduser 3.111 add and remove users and groups ii debconf [debconf-2.0] 1.5.28 Debian configuration management sy ii libc6 2.10.1-5 GNU C Library: Shared libraries ii libcap2 1:2.17-2 support for getting/setting POSIX. ii libpam-modules 1.1.0-4 Pluggable Authentication Modules f ii libpam0g 1.1.0-4 Pluggable Authentication Modules l ii libssl0.9.8 0.9.8k-5 SSL shared libraries ii libwrap0 7.6.q-18 Wietse Venema's TCP wrappers libra ii netbase 4.37 Basic TCP/IP networking system Versions of packages vsftpd recommends: ii logrotate 3.7.8-4 Log rotation utility vsftpd suggests no packages. -- debconf information excluded
--- /etc/init.d/vsftpd +++ /etc/init.d/vsftpd @@ -14,11 +14,16 @@ set -e -# Exit if vsftpd.conf doesn't have listen=yes or listen_ipv6=yes -# (mandatory for standalone operation) -if [ -f /etc/vsftpd.conf ] && ! egrep -iq "^ *listen(_ipv6)? *= *yes" /etc/vsftpd.conf; then - exit 0 -fi +# Returns 1 if not configured for standalone operation. +check_standalone_mode () { + # Exit if vsftpd.conf doesn't have listen=yes or listen_ipv6=yes + # (mandatory for standalone operation) + local CONFFILE='/etc/vsftpd.conf' + if [ -f "$CONFFILE" ] && ! egrep -iq "^ *listen(_ipv6)? *= *yes" "$CONFFILE"; then + echo "$CONFFILE: listen disabled : service will not start" + return 1 + fi +} DAEMON=/usr/sbin/vsftpd NAME=vsftpd @@ -37,6 +42,7 @@ case "$1" in start) + check_standalone_mode || exit echo -n "Starting FTP server: " [ -d ${CHROOT} ] || mkdir -p ${CHROOT} start-stop-daemon --start --background -m --oknodo --pidfile /var/run/vsftpd/vsftpd.pid --exec $DAEMON @@ -49,9 +55,12 @@ echo "${NAME}." ;; restart) - echo -n "Restarting FTP server: " + echo -n "Stopping FTP server: " start-stop-daemon --stop --pidfile /var/run/vsftpd/vsftpd.pid --oknodo --exec $DAEMON rm -f /var/run/vsftpd/vsftpd.pid + echo "${NAME}." + check_standalone_mode || exit + echo -n "Starting FTP server: " start-stop-daemon --start --background -m --pidfile /var/run/vsftpd/vsftpd.pid --exec $DAEMON echo "${NAME}." ;;