From: Joe MacDonald <joe@deserted.net>
To: rongqing.li@windriver.com
Cc: openembedded-devel@lists.openembedded.org
Subject: Re: [PATCH 2/2 meta-networking] vsftpd: change default secure_chroot_dir
Date: Fri, 18 Oct 2013 12:29:57 -0400 [thread overview]
Message-ID: <20131018162954.GA2456@deserted.net> (raw)
In-Reply-To: <1381394085-7681-2-git-send-email-rongqing.li@windriver.com>
Hi Roy,
Is this different from the patch I received from Ming Liu about a month
ago? It doesn't look it at first glance, but I didn't diff the two.
-J.
[[oe] [PATCH 2/2 meta-networking] vsftpd: change default secure_chroot_dir] On 13.10.10 (Thu 16:34) rongqing.li@windriver.com wrote:
> From: Roy Li <rongqing.li@windriver.com>
>
> Change the default value of secure_chroot_dir to /var/run/vsftpd/empty and
> add a volatiles entry for it, to ensure vsftpd won't fail to start from xinetd.
>
> Signed-off-by: Roy Li <rongqing.li@windriver.com>
> ---
> .../vsftpd/files/change-secure_chroot_dir.patch | 55 ++++++++++++++++++++
> meta-networking/recipes-daemons/vsftpd/files/init | 2 +-
> .../vsftpd/files/volatiles.99_vsftpd | 2 +
> .../recipes-daemons/vsftpd/vsftpd_3.0.0.bb | 7 ++-
> 4 files changed, 64 insertions(+), 2 deletions(-)
> create mode 100644 meta-networking/recipes-daemons/vsftpd/files/change-secure_chroot_dir.patch
> create mode 100644 meta-networking/recipes-daemons/vsftpd/files/volatiles.99_vsftpd
>
> diff --git a/meta-networking/recipes-daemons/vsftpd/files/change-secure_chroot_dir.patch b/meta-networking/recipes-daemons/vsftpd/files/change-secure_chroot_dir.patch
> new file mode 100644
> index 0000000..e7a673e
> --- /dev/null
> +++ b/meta-networking/recipes-daemons/vsftpd/files/change-secure_chroot_dir.patch
> @@ -0,0 +1,55 @@
> +vsftpd: change secure_chroot_dir default value
> +
> +Upstream-Status: Pending
> +
> +Change secure_chroot_dir pointing to a volatile directory.
> +
> +Signed-off-by: Ming Liu <ming.liu@windriver.com>
> +---
> + INSTALL | 6 +++---
> + tunables.c | 2 +-
> + vsftpd.conf.5 | 2 +-
> + 3 files changed, 5 insertions(+), 5 deletions(-)
> +
> +diff -urpN a/INSTALL b/INSTALL
> +--- a/INSTALL 2013-09-13 10:23:57.504972397 +0800
> ++++ b/INSTALL 2013-09-13 10:25:25.664971779 +0800
> +@@ -27,11 +27,11 @@ user in case it does not already exist.
> + [root@localhost root]# useradd nobody
> + useradd: user nobody exists
> +
> +-2b) vsftpd needs the (empty) directory /usr/share/empty in the default
> ++2b) vsftpd needs the (empty) directory /var/run/vsftpd/empty in the default
> + configuration. Add this directory in case it does not already exist. e.g.:
> +
> +-[root@localhost root]# mkdir /usr/share/empty/
> +-mkdir: cannot create directory `/usr/share/empty': File exists
> ++[root@localhost root]# mkdir /var/run/vsftpd/empty/
> ++mkdir: cannot create directory `/var/run/vsftpd/empty': File exists
> +
> + 2c) For anonymous FTP, you will need the user "ftp" to exist, and have a
> + valid home directory (which is NOT owned or writable by the user "ftp").
> +diff -urpN a/tunables.c b/tunables.c
> +--- a/tunables.c 2013-09-13 10:26:29.554972817 +0800
> ++++ b/tunables.c 2013-09-13 10:27:18.104972210 +0800
> +@@ -254,7 +254,7 @@ tunables_load_defaults()
> + /* -rw------- */
> + tunable_chown_upload_mode = 0600;
> +
> +- install_str_setting("/usr/share/empty", &tunable_secure_chroot_dir);
> ++ install_str_setting("/var/run/vsftpd/empty", &tunable_secure_chroot_dir);
> + install_str_setting("ftp", &tunable_ftp_username);
> + install_str_setting("root", &tunable_chown_username);
> + install_str_setting("/var/log/xferlog", &tunable_xferlog_file);
> +diff -urpN a/vsftpd.conf.5 b/vsftpd.conf.5
> +--- a/vsftpd.conf.5 2013-09-13 10:09:33.774972462 +0800
> ++++ b/vsftpd.conf.5 2013-09-13 10:10:41.914971989 +0800
> +@@ -969,7 +969,7 @@ This option should be the name of a dire
> + directory should not be writable by the ftp user. This directory is used
> + as a secure chroot() jail at times vsftpd does not require filesystem access.
> +
> +-Default: /usr/share/empty
> ++Default: /var/run/vsftpd/empty
> + .TP
> + .B ssl_ciphers
> + This option can be used to select which SSL ciphers vsftpd will allow for
> diff --git a/meta-networking/recipes-daemons/vsftpd/files/init b/meta-networking/recipes-daemons/vsftpd/files/init
> index d0ec010..513f407 100755
> --- a/meta-networking/recipes-daemons/vsftpd/files/init
> +++ b/meta-networking/recipes-daemons/vsftpd/files/init
> @@ -2,7 +2,7 @@
> DAEMON=/usr/sbin/vsftpd
> NAME=vsftpd
> DESC="FTP Server"
> -ARGS=""
> +ARGS="/etc/vsftpd.conf"
> FTPDIR=/var/lib/ftp
>
> test -f $DAEMON || exit 0
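Review bot: The new `ARGS="/etc/vsftpd.conf"` hard-codes the configuration path, while the recipe installs the configuration files under `${sysconfdir}`, and the commit message says nothing about this change. If the explicit path is needed for the secure_chroot_dir work, state why in the commit message and keep it in step with the install location, for example by substituting the configured sysconfdir into the script at install time. The rest of the init script is outside this hunk, so how ARGS reaches the daemon command line cannot be checked from here.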
> diff --git a/meta-networking/recipes-daemons/vsftpd/files/volatiles.99_vsftpd b/meta-networking/recipes-daemons/vsftpd/files/volatiles.99_vsftpd
> new file mode 100644
> index 0000000..0f80776
> --- /dev/null
> +++ b/meta-networking/recipes-daemons/vsftpd/files/volatiles.99_vsftpd
> @@ -0,0 +1,2 @@
> +# <type> <owner> <group> <mode> <path> <linksource>
> +d root root 0755 /var/run/vsftpd/empty none
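Review bot: The entry hard-codes `/var/run/vsftpd/empty`, but the do_configure hunk in vsftpd_3.0.0.bb still rewrites every `"/var` literal in tunables.c to `"${localstatedir}`, so the compiled-in default is `${localstatedir}/run/vsftpd/empty`. On a build where localstatedir is not /var the two paths diverge and the daemon would look for a jail directory that is never created. Either derive this line from localstatedir at install time or exempt the new default from the sed. A comment such as `# secure_chroot_dir: must stay empty, root-owned and not writable by the ftp user` would also record why owner and mode are fixed; only the leaf is declared here, so the ownership and mode of the parent `/var/run/vsftpd` depend on how the volatiles handler creates missing parents.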
> diff --git a/meta-networking/recipes-daemons/vsftpd/vsftpd_3.0.0.bb b/meta-networking/recipes-daemons/vsftpd/vsftpd_3.0.0.bb
> index 7677477..09de1e9 100644
> --- a/meta-networking/recipes-daemons/vsftpd/vsftpd_3.0.0.bb
> +++ b/meta-networking/recipes-daemons/vsftpd/vsftpd_3.0.0.bb
> @@ -14,6 +14,8 @@ SRC_URI = "https://security.appspot.com/downloads/vsftpd-${PV}.tar.gz \
> file://vsftpd.conf \
> file://vsftpd.user_list \
> file://vsftpd.ftpusers \
> + file://change-secure_chroot_dir.patch \
> + file://volatiles.99_vsftpd \
> "
>
> LIC_FILES_CHKSUM = "file://COPYING;md5=a6067ad950b28336613aed9dd47b1271 \
> @@ -40,7 +42,7 @@ LDFLAGS_append =" -lcrypt -lcap"
> do_configure() {
> # Fix hardcoded /usr, /etc, /var mess.
> cat tunables.c|sed s:\"/usr:\"${prefix}:g|sed s:\"/var:\"${localstatedir}:g \
> - |sed s:\"${prefix}/share/empty:\"${localstatedir}/share/empty:g |sed s:\"/etc:\"${sysconfdir}:g > tunables.c.new
> + |sed s:\"/etc:\"${sysconfdir}:g > tunables.c.new
> mv tunables.c.new tunables.c
> }
>
> @@ -60,6 +62,9 @@ do_install() {
>
> install -m 600 ${WORKDIR}/vsftpd.ftpusers ${D}${sysconfdir}/
> install -m 600 ${WORKDIR}/vsftpd.user_list ${D}${sysconfdir}/
> + install -d ${D}/${sysconfdir}/default/volatiles
> + install -m 644 ${WORKDIR}/volatiles.99_vsftpd ${D}/${sysconfdir}/default/volatiles/99_vsftpd
> +
> if ! test -z "${PAMLIB}" ; then
> install -d ${D}${sysconfdir}/pam.d/
> cp ${S}/RedHat/vsftpd.pam ${D}${sysconfdir}/pam.d/vsftpd
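Review bot: Installing the volatiles file only takes effect when the volatiles handler next runs, which is normally at boot, so a package installed on a running target has no `/var/run/vsftpd/empty` until a reboot and vsftpd would presumably still fail to start in that window. A `pkg_postinst` that, when `$D` is empty, runs `${sysconfdir}/init.d/populate-volatile.sh update` (if that script is present in the target image) would close the gap. The two added lines also write `${D}/${sysconfdir}` where the surrounding lines use `${D}${sysconfdir}`; dropping the extra slash keeps the function consistent. do_install starts and ends outside this hunk.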
--
-Joe MacDonald.
:wq