vsftpd not changing security context while dropping privileges

Fernando Magro seramal at gmail.com
Sun Aug 30 19:58:51 UTC 2009


Hi,

I noticed vsftpd starts running with UID 0 and MLS s0. When a user
logs in, a new process is spawned (forked) from vsftpd and UID is
changed to match the user. The problem is that MLS stays in s0, so if
the user has a different MLS it will make everything fail. Starting
vsftpd with s0-s0:c0.c1023 would be an option, but will then bypass
per-user MLS security. So IMHO vsftpd should be patched to change
security context when forking a new process.

You can reproduce the problem by running:
# semanage user -m -r s0-s0:c0.c1023 user_u
# groupadd testing
# useradd -m -g testing -Z user_u testing
# semanage login -m -r s0:c3 testing
# chcon -R -l s0:c3 /home/testing
# /etc/init.d/vsftpd start
# lftp
open -u testing,password localhost
ls

Daniel Walsh said at https://bugzilla.redhat.com/show_bug.cgi?id=518569 :
Let's bring this up for discussion on the SELinux list.

There are two possibilities here. One is to just change the level on the
vsftpd process to run at the appropriate level of the user. The second would
be to change the type, in order to run as a type appropriate for the user, i.e.
with different privs than the vsftpd server.
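
The level mismatch described in this message, as an added example that is not part of the original post or of vsftpd: a simplified model of MLS/MCS dominance applied to the levels used in the reproduction steps. The function names are hypothetical, and the access rule (the process's high level must dominate the file's level) is an assumption standing in for the real policy constraints.

```python
import re

def expand_cats(spec):
    """Expand a category list such as 'c0.c3,c7' into a set of ints."""
    cats = set()
    for part in filter(None, spec.split(",")):
        lo, _, hi = part.partition(".")      # 'c0.c1023' is a range
        lo_n = int(lo[1:])
        hi_n = int(hi[1:]) if hi else lo_n
        cats.update(range(lo_n, hi_n + 1))
    return cats

def parse_level(level):
    """'s0:c3' -> (0, {3}); 's0' -> (0, set())."""
    sens, _, cats = level.partition(":")
    if not re.fullmatch(r"s\d+", sens):
        raise ValueError("bad sensitivity in level: %r" % level)
    return int(sens[1:]), expand_cats(cats)

def parse_range(rng):
    """'s0-s0:c0.c1023' -> (low, high); a single level is both low and high."""
    low, sep, high = rng.partition("-")
    low_l = parse_level(low)
    return low_l, (parse_level(high) if sep else low_l)

def dominates(a, b):
    """a dominates b: sensitivity at least as high, categories a superset."""
    return a[0] >= b[0] and a[1] >= b[1]

def can_access(process_range, file_level):
    """Assumed rule: the process's high level must dominate the file level."""
    _, high = parse_range(process_range)
    return dominates(high, parse_level(file_level))

def scenario():
    """Levels taken from the reproduction steps; c5 is a constructed second user."""
    home = "s0:c3"                            # chcon -R -l s0:c3 /home/testing
    return {
        "forked child left at s0": can_access("s0", home),
        "child moved to the login level s0:c3": can_access("s0:c3", home),
        "daemon started at s0-s0:c0.c1023": can_access("s0-s0:c0.c1023", home),
        "s0:c3 session, other user's s0:c5 files": can_access("s0:c3", "s0:c5"),
        "s0-s0:c0.c1023 daemon, s0:c5 files": can_access("s0-s0:c0.c1023", "s0:c5"),
    }

if __name__ == "__main__":
    for case, allowed in scenario().items():
        print("%-45s %s" % (case, "allowed" if allowed else "denied"))
```

Only the second case gives the user access to the home directory while still keeping other users' categories out of reach, which is the behaviour a context change at fork time would provide.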




More information about the fedora-selinux-list mailing list