On Fri, Jul 22, 2005 at 07:50:57PM +0200, Igor Genibel wrote: > Package: proftpd > Severity: important > > > Hi Francesco, > > We encounter a serious problem with proftpd since the -10 version on our > webhosting platform. > The -9 version does not have this bug. > We have machine in Sarge and we are quite frightened because of > potential security updates. >
Have a try with deb http://people.debian.org/~frankie/debian/sarge/ ./ which contains -20. BTW, you have mod_delay off which is not recommended and at least a couple of sec flaws in case of SQL use. Bind will be deprecated in 1.3.0 just for notice (and not working). The problem you point is absolutely new for me. I have a few installations working without any problem, also under heavy load. I recommend you to use an update version: too much patches are around since -9 days. > Thanks. > > After few hours a process eat all the memory and then all the processes > are killed by the VM killer. He are some information: > > proftpd.conf: > ServerType standalone > RequireValidShell off > DefaultRoot ~ > MaxClientsPerUser 8 > MaxClientsPerHost 16 > MaxHostsPerUser 8 > MaxInstances 100 > # hide version > ServerIdent on "" > TransferLog /var/log/proftpd.log > TimeoutIdle 900 > Umask 0072 > > # boost initial connection up > IdentLookups off > WtmpLog off > UseReverseDNS off > > Bind 10.0.1.14 > AllowOverwrite on > AllowStoreRestart on > > ListOptions "-a" > > # SSL > #TLSEngine on > #TLSRSACertificateFile /etc/proftpd-rsa.pem > #TLSLog /var/log/tls.log > > > [EMAIL PROTECTED]:~# ps auwxww | grep proftpd > root 12950 0.1 0.1 4688 1388 ? Ss 14:21 0:14 proftpd: > (accepting connections) > 21340 11699 1.7 0.2 4872 2112 ? S 17:37 0:03 proftpd: > pakavadenn - 62.161.99.217: IDLE > cyrilb 11703 26.1 89.6 1370784 926096 ? R 17:38 0:37 proftpd: > cyrilb - 10.0.6.2: IDLE > ngs 11806 0.4 0.2 4872 2360 ? S 17:39 0:00 proftpd: ngs > - 84.6.16.193: IDLE > root 11946 0.0 0.0 1540 496 pts/2 R+ 17:40 0:00 grep proftpd > > > > [EMAIL PROTECTED]:~# strace -p 11703 > Process 11703 attached - interrupt to quit > --- SIGSEGV (Segmentation fault) @ 0 (0) --- > fcntl64(4, F_SETLKW64, {type=F_WRLCK, whence=SEEK_CUR, start=16, len=520}, > 0x80d7a48) = 0 > _llseek(4, 16, [16], SEEK_SET) = 0 > write(4, "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 520) = > 520 > _llseek(4, 16, [16], SEEK_SET) = 0 > fcntl64(4, F_SETLKW64, {type=F_UNLCK, whence=SEEK_CUR, start=16, len=520}, > 0x80d7a48) = 0 > --- SIGSEGV (Segmentation fault) @ 0 (0) --- > fcntl64(4, F_SETLKW64, {type=F_WRLCK, whence=SEEK_CUR, start=16, len=520}, > 0x80d7a48) = 0 > _llseek(4, 16, [16], SEEK_SET) = 0 > write(4, "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 520) = > 520 > _llseek(4, 16, [16], SEEK_SET) = 0 > fcntl64(4, F_SETLKW64, {type=F_UNLCK, whence=SEEK_CUR, start=16, len=520}, > 0x80d7a48) = 0 > --- SIGSEGV (Segmentation fault) @ 0 (0) --- > fcntl64(4, F_SETLKW64, {type=F_WRLCK, whence=SEEK_CUR, start=16, len=520}, > 0x80d7a48) = 0 > _llseek(4, 16, [16], SEEK_SET) = 0 > write(4, "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 520) = > 520 > _llseek(4, 16, [16], SEEK_SET) = 0 > fcntl64(4, F_SETLKW64, {type=F_UNLCK, whence=SEEK_CUR, start=16, len=520}, > 0x80d7a48) = 0 > --- SIGSEGV (Segmentation fault) @ 0 (0) --- > fcntl64(4, F_SETLKW64, {type=F_WRLCK, whence=SEEK_CUR, start=16, len=520}, > 0x80d7a48) = 0 > _llseek(4, 16, [16], SEEK_SET) = 0 > write(4, "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 520) = > 520 > _llseek(4, 16, [16], SEEK_SET) = 0 > fcntl64(4, F_SETLKW64, {type=F_UNLCK, whence=SEEK_CUR, start=16, len=520}, > 0x80d7a48) = 0 > --- SIGSEGV (Segmentation fault) @ 0 (0) --- > fcntl64(4, F_SETLKW64, {type=F_WRLCK, whence=SEEK_CUR, start=16, len=520}, > 0x80d7a48) = 0 > _llseek(4, 16, [16], SEEK_SET) = 0 > write(4, "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 520) = > 520 > _llseek(4, 16, [16], SEEK_SET) = 0 > fcntl64(4, F_SETLKW64, {type=F_UNLCK, whence=SEEK_CUR, start=16, len=520}, > 0x80d7a48) = 0 > --- SIGSEGV (Segmentation fault) @ 0 (0) --- fcntl64(4, F_SETLKW64, > {type=F_WRLCK, whence=SEEK_CUR, start=16, len=520}, 0x80d7a48) = 0 > _llseek(4, 16, [16], SEEK_SET) = 0 > write(4, "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 520) = > 520 > _llseek(4, 16, [16], SEEK_SET) = 0 > fcntl64(4, F_SETLKW64, {type=F_UNLCK, whence=SEEK_CUR, start=16, len=520}, > 0x80d7a48) = 0 > --- SIGSEGV (Segmentation fault) @ 0 (0) --- > fcntl64(4, F_SETLKW64, {type=F_WRLCK, whence=SEEK_CUR, start=16, len=520}, > 0x80d7a48) = 0 > _llseek(4, 16, [16], SEEK_SET) = 0 > write(4, "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 520) = > 520 > _llseek(4, 16, [16], SEEK_SET) = 0 > [...] > until killed > > -- System Information: > Debian Release: testing/unstable > APT prefers unstable > APT policy: (500, 'unstable') > Architecture: i386 (i686) > Shell: /bin/sh linked to /bin/bash > Kernel: Linux 2.6.12-1-686 > Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8) -- Francesco P. Lovergine -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
