vsftpd not changing security context while dropping privileges

Daniel J Walsh dwalsh at redhat.com
Mon Aug 31 12:20:04 UTC 2009

On 08/30/2009 03:58 PM, Fernando Magro wrote:
> Hi,
> I noticed vsftpd starts running with UID 0 and MLS s0. When a user
> logs in, a new process is spawn (forked) from vsftpd and UID is
> changed to match the user. The problem is that MLS stays in s0, so if
> the user has a different MLS it will make everything fail. Starting
> vsftpd with s0-s0:c0.c1023 would be an option, but will then bypass
> per-user MLS security. So IMHO vsftpd should be patched to change
> security context when forking a new process.
> You can reproduce the problem by running:
> # semanage user -m -r s0-s0:c0.c1023 user_u
> # groupadd testing
> # useradd -m -g testing -Z user_u testing
> # semanage login -m -r s0:c3 testing
> # chcon -R -l s0:c3 /home/testing
> # /etc/init.d/vsftpd start
> # lftp
> open -u testing,password localhost
> ls
> Daniel Walsh said at https://bugzilla.redhat.com/show_bug.cgi?id=518569 :
> Lets bring this up for discussion on the SELinux list.
> There are two possibilities, here,  One is to just change the level on the
> vstfpd process to run at the appropriate level of the user.  The second would
> be to change the type, in order to run as a type appropriate for the user.  IE
> With different privs then the vsftpd server.
> --
> fedora-selinux-list mailing list
> fedora-selinux-list at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-selinux-list
Fernando, I meant the Developers SELinux list which is selinux at tycho.nsa.gov

More information about the fedora-selinux-list mailing list