Bug#960108: proftpd-basic: proftpd write pidfile with incorrect mode

votdev votdev at gmx.de
Sat May 9 14:29:24 BST 2020


Package: proftpd-basic
Version: 1.3.6-4+deb10u5
Severity: important

The proftpd daemon writes the pidfile with mode 0666 instead of 0644.
Because of that it is not possible to stop or restart the daemon with
"systemctl stop proftpd" or "systemctl restart proftpd". The reason is the
new security check of start-stop-daemon in conjunction with --pidfile.

The following error will be logged to syslog.

Mai 09 14:42:30 titan proftpd[1296]: Stopping ftp server: proftpdstart-stop-daemon: matching on world-writable pidfile /run/proftpd.pid is insecure
Mai 09 14:42:30 titan proftpd[1296]: start-stop-daemon: matching on world-writable pidfile /run/proftpd.pid is insecure

-- System Information:
Debian Release: 10.4
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 5.5.0-0.bpo.2-amd64 (SMP w/2 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8),
LANGUAGE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages proftpd-basic depends on:
ii  adduser            3.118
ii  debianutils        4.8.6.1
ii  libacl1            2.2.53-4
ii  libattr1           1:2.4.48-4
ii  libc6              2.28-10
ii  libcap2            1:2.25-2
ii  libhiredis0.14     0.14.0-3
ii  libmemcached11     1.0.18-4.2
ii  libmemcachedutil2  1.0.18-4.2
ii  libncursesw6       6.1+20181013-2+deb10u2
ii  libpam-runtime     1.3.1-5
ii  libpam0g           1.3.1-5
ii  libpcre3           2:8.39-12
ii  libssl1.1          1.1.1d-0+deb10u3
ii  libtinfo6          6.1+20181013-2+deb10u2
ii  libwrap0           7.6.q-28
ii  lsb-base           10.2019051400
ii  netbase            5.6
ii  sed                4.7-1
ii  ucf                3.0038+nmu1
ii  zlib1g             1:1.2.11.dfsg-1

Versions of packages proftpd-basic recommends:
pn  proftpd-doc  <none>

Versions of packages proftpd-basic suggests:
pn  openbsd-inetd | inet-superserver  <none>
ii  openssl                           1.1.1d-0+deb10u3
pn  proftpd-mod-geoip                 <none>
pn  proftpd-mod-ldap                  <none>
pn  proftpd-mod-mysql                 <none>
pn  proftpd-mod-odbc                  <none>
pn  proftpd-mod-pgsql                 <none>
pn  proftpd-mod-snmp                  <none>
pn  proftpd-mod-sqlite                <none>

-- Configuration Files:
/etc/ftpusers changed [not included]

-- no debconf information
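
The condition named in the error above (a pidfile with the other-write bit set) can be checked for directly. The following is an added example, not part of the original report and not code from proftpd or dpkg; the function names and the sample file names are hypothetical, and it tests only the world-writable bit that the error message mentions.

```shell
#!/bin/sh
# Added example: flag pidfiles whose mode has the other-write bit (0002)
# set, i.e. the state behind "matching on world-writable pidfile ... is
# insecure". Function names are hypothetical.

# pidfile_is_world_writable FILE
# Returns 0 if FILE is a regular file with the other-write bit set,
# 1 if it is a regular file without it, 2 if it is missing, a symlink
# or not a regular file.
pidfile_is_world_writable() {
    [ -f "$1" ] && [ ! -L "$1" ] || return 2
    # -perm -0002 matches when at least the other-write bit is set.
    [ -n "$(find "$1" -prune -perm -0002 2>/dev/null)" ]
}

# audit_pidfiles DIR
# Prints every world-writable *.pid file directly under DIR, one per line.
# Returns 1 if at least one was found, 0 otherwise.
audit_pidfiles() {
    found=0
    for f in "$1"/*.pid; do
        if pidfile_is_world_writable "$f"; then
            printf '%s\n' "$f"
            found=1
        fi
    done
    return "$found"
}

# Constructed sample: two pidfiles in a temporary directory, one with the
# mode from the report (0666) and one with the expected mode (0644).
demo() {
    dir=$(mktemp -d) || return 2
    echo 1296 > "$dir/bad.pid";  chmod 0666 "$dir/bad.pid"
    echo 1297 > "$dir/good.pid"; chmod 0644 "$dir/good.pid"
    rc=0
    audit_pidfiles "$dir" || rc=$?   # prints only .../bad.pid
    rm -rf "$dir"
    return "$rc"
}
```

Calling `audit_pidfiles /run` applies the same test to the pidfiles on a running system.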


