I was double checking this on other releases and got the hang on focal. I could indeed only trigger this with FTPS on focal, but AFAICS the same config as on Oracular. That motivated me, so I tried fresh F,J,N,O systems which in theory should all be the same but obviously behave different.
And I found it is not affecting Noble and higher. That is weird in itself, as there the only difference is that they got two no change rebuilds (for a CVE and for libssl3t64) I was updating the steps to recreate as I used them for this. For >=Noble this either really is no issue due to yet unknown reasons, or on >Noble we need adapted test steps that would trigger it there. # install $ apt install lftp vsftpd # change config $ sed -i.old '1 i\account optional pam_exec.so debug quiet /root/foo.sh\' /etc/pam.d/vsftpd # script to run $ cat > /root/foo.sh << EOF #!/bin/bash /bin/true touch /tmp/brooks-was-here /bin/true EOF $ chmod +x /root/foo.sh # enable ssl $ sed -i -s -e 's/ssl_enable=NO/ssl_enable=YES/' /etc/vsftpd.conf $ systemctl restart vsftpd.service # Place a file there $ echo foobar > /home/ubuntu/egal # set test PW to ubuntu user echo 'ubuntu:ubuntu' | chpasswd # Using it with ftps (and ignore cert verification as it is the snakeoil cert) To verify the test config, if you run this in a second console you should see it calling the script as yo uact on the server. $ tail -f /var/log/auth.log ... 2024-07-16T07:30:37.966553+00:00 o vsftpd: pam_exec(vsftpd:account): Calling /root/foo.sh ... Good case (Noble / Oracular): root@n:~# lftp 127.0.0.1 lftp 127.0.0.1:~> set ftp:ssl-force true lftp 127.0.0.1:~> set ssl:verify-certificate false lftp 127.0.0.1:~> login ubuntu ubuntu lftp [email protected]:~> dir -rw-r--r-- 1 0 0 7 Jul 16 07:30 egal lftp [email protected]:~> get egal 7 bytes transferred lftp [email protected]:~> exit root@n:~# cat egal foobar Bad case (Focal and Jammy) root@j:~# lftp 127.0.0.1 lftp 127.0.0.1:~> set ftp:ssl-force true lftp 127.0.0.1:~> set ssl:verify-certificate false lftp 127.0.0.1:~> login ubuntu ubuntu lftp [email protected]:~> dir `ls' at 0 [Sending commands...] ^^ here it hangs ** Also affects: vsftpd (Ubuntu Jammy) Importance: Undecided Status: New ** Also affects: vsftpd (Ubuntu Focal) Importance: Undecided Status: New ** Also affects: vsftpd (Ubuntu Noble) Importance: Undecided Status: New ** Also affects: vsftpd (Ubuntu Oracular) Importance: Undecided Status: Incomplete ** Changed in: vsftpd (Ubuntu Focal) Status: New => Confirmed ** Changed in: vsftpd (Ubuntu Jammy) Status: New => Confirmed ** Changed in: vsftpd (Ubuntu Noble) Status: New => Incomplete -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2069324 Title: vsftpd hangs with SIGCHLD when pam_exec.so is used To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/vsftpd/+bug/2069324/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
