LinuxQuestions.org
Download your favorite Linux distribution at LQ ISO.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices

Reply
 
Search this Thread
Old 10-09-2012, 06:29 AM   #1
Maris-S
LQ Newbie
 
Registered: Feb 2010
Location: Latvia
Distribution: Slackware 14.0
Posts: 28

Rep: Reputation: 2
Vsftpd and chroot.


Hello!

I configured vsftpd with locking users to their home directories. Now I see that vsftpd do not allow by default to make user root directory writable, because of some security reasons related to glibc. After reading some articles found with google, I found option:

Code:
allow_writeable_chroot=YES
but now I'm thinking, if it's already safe enough to use it, or better to avoid this? Making some subfolders in users home directories would not be best option.

I'm using:

Slackware 14,
glibc 2.15,
vsftpd 3.0.2.

Thanks in advance!
 
Old 10-09-2012, 06:40 AM   #2
bathory
Guru
 
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 10,884

Rep: Reputation: 1322Reputation: 1322Reputation: 1322Reputation: 1322Reputation: 1322Reputation: 1322Reputation: 1322Reputation: 1322Reputation: 1322Reputation: 1322
If you don't want to create some "upload" directories in your users' homedirs, then you should use in vsftpd.conf the following
Code:
allow_writeable_chroot=YES
Regards
 
Old 10-09-2012, 08:03 AM   #3
Maris-S
LQ Newbie
 
Registered: Feb 2010
Location: Latvia
Distribution: Slackware 14.0
Posts: 28

Original Poster
Rep: Reputation: 2
Thank you for your answer Bathory, but I think I was not very clear with my question. In general I found this option and it works fine for me, it suppose to work since vsftpd 3.0.0, but main question was - if it's secure enough? I found quite a lot of warnings in internet and vsftpd documentation about possible security issues when chroot_local_user is enabled, but there is no detailed description about it. Problem mainly is glibc related. I'm not so sure yet, but it looks like it's possible that FTP daemon under particular conditions can consider users chrooted home directory like normal root directory and e.g. read some config file etc/my_conf which is in users home directory.

Here is some quotes about it.

https://security.appspot.com/vsftpd/vsftpd_conf.html

Quote:
chroot_local_user
If set to YES, local users will be (by default) placed in a chroot() jail in their home directory after login. Warning: This option has security implications, especially if the users have upload permission, or shell access. Only enable if you know what you are doing. Note that these security implications are not vsftpd specific. They apply to all FTP daemons which offer to put local users in chroot() jails.

Default: NO

https://security.appspot.com/vsftpd/FAQ.txt

Quote:
Q) Help! What are the security implications referred to in the
"chroot_local_user" option?
A) Firstly note that other ftp daemons have the same implications. It is a
generic problem.
The problem isn't too severe, but it is this: Some people have FTP user
accounts which are not trusted to have full shell access. If these
accounts can also upload files, there is a small risk. A bad user now has
control of the filesystem root, which is their home directory. The ftp
daemon might cause some config file to be read - e.g. /etc/some_file. With
chroot(), this file is now under the control of the user. vsftpd is
careful in this area. But, the system's libc might want to open locale
config files or other settings...
Mostly it's written that this is small risk, but I can't find info on what conditions this security issue can be used? Maybe I even don't have such conditions in server configuration, maybe even glibc already don't have this bug, but I'm not sure.
 
Old 10-09-2012, 08:44 AM   #4
bathory
Guru
 
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 10,884

Rep: Reputation: 1322Reputation: 1322Reputation: 1322Reputation: 1322Reputation: 1322Reputation: 1322Reputation: 1322Reputation: 1322Reputation: 1322Reputation: 1322
I would say chroot() is quite secure as long as the user does not have shell access to the system.
Besides, ftp is an insecure protocol per se, so if you're concerned so much about security, better consider another way for your users to transfer files (like ftps or sftp/scp)

Regards
 
Old 10-10-2012, 02:42 AM   #5
Maris-S
LQ Newbie
 
Registered: Feb 2010
Location: Latvia
Distribution: Slackware 14.0
Posts: 28

Original Poster
Rep: Reputation: 2
Thanks Bathory one more time.

Well, yes, there is no shell access for FTP users, I disabled it by specifying /bin/false shell for them, so I think it's OK and I will use it like this, though I will keep searching detailed info about this security issue.

Yes, I know that would be better to encrypt data which are being sent by FTP, but at this time it is not so important, I'm more worried about server security itself.
 
Old 10-10-2012, 03:59 AM   #6
arun5002
Member
 
Registered: Aug 2011
Location: Chennai,India
Distribution: Redhat,Centos,Ubuntu,Dedian
Posts: 549
Blog Entries: 5

Rep: Reputation: Disabled
Hi Maris-S,

Quote:
I'm more worried about server security itself.


Instead of disabling the shell of ftp user .You are configured vsftpd with virtual user.Even it gives you more security and you cannot able to make login via ssh using virtual vsftpd user


These the link you have to look for configure vsftpd (Virtual user)


http://www.cyberciti.biz/tips/centos...ual-users.html
 
Old 10-10-2012, 06:33 AM   #7
Maris-S
LQ Newbie
 
Registered: Feb 2010
Location: Latvia
Distribution: Slackware 14.0
Posts: 28

Original Poster
Rep: Reputation: 2
Hi Arun5002!

Yes, virtual users is one of the options and I'm still thinking if I will use system users or virtual users, didn't decide yet. Though virtual users has the same security issue I described in previous posts as this issue is not for users itself. In general it is not even vsftpd issue, the same is for ProFTPD, to be more precise issue is in glibc. But anyway thanks for your answer.
 
Old 10-10-2012, 01:15 PM   #8
mmheera
Member
 
Registered: Oct 2012
Location: Germany
Distribution: Ubuntu, Debian, Fedora,Windows 7
Posts: 107

Rep: Reputation: 11
Hi Maris-S,

I guess it has more to do with the security issue of chroot() in general. Chroot() is not 100% secure of course and it has its own vulnerabilities. But breaking out of jail requires root permission. And there are a few things to be taken care of to make the it more secure.In the following short article you can find them:

Best Practices for UNIX chroot() Operations

And if you are interested, here is also an article about breaking out of jail:

How to break out of a chroot() jail

It also says: "FreeBSD 4.x and above have a better chroot() system call".

Hope it helps.

Thanks!
 
Old 10-10-2012, 01:41 PM   #9
sneakyimp
Member
 
Registered: Dec 2004
Posts: 791

Rep: Reputation: 49
Quote:
Originally Posted by Maris-S View Post
Yes, I know that would be better to encrypt data which are being sent by FTP, but at this time it is not so important, I'm more worried about server security itself.
I would remind you that uploaded files may often contain sensitive credentials. If your users are uploading PHP or ASP.NET files to a web root for some domain, then it will be possible to execute files on your server. I would imagine SFTP or FTPS would provide a lot more security.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
CHROOT in VSFTPD rolando1bueno Linux - Security 8 12-09-2007 09:32 AM
vsftpd.conf/chroot/vsftpd.chroot_list issue Jerman Linux - Security 2 06-01-2007 07:24 PM
vsftpd and chroot bstempi Linux - Security 10 11-08-2005 02:56 PM
vsftpd and chroot gbj Linux - Networking 3 03-08-2005 02:47 AM
Another vsftpd/chroot question mattsavigear Linux - Security 9 12-15-2002 03:39 PM


All times are GMT -5. The time now is 10:01 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration