Pure-ftpd overwrite protection does not work if resume is used

Bug #1276144 reported by Nicolas Le Bihan
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone
pure-ftpd (Ubuntu) | New | Undecided | Unassigned |

Bug Description

Hi,

It seems that there is a bug about the overwrite protection.

Server is :
Distributor ID: Ubuntu
Description: Ubuntu 12.04.4 LTS
Release: 12.04
Codename: precise

Pure-Ftpd installed is :
rc pure-ftpd 1.0.35-1 Secure and efficient FTP server
ii pure-ftpd-common 1.0.35-1 Pure-FTPd FTP server (Common Files)
ii pure-ftpd-ldap 1.0.35-1 Secure and efficient FTP server with LDAP user authentication

Options are :
AltLog clf:/var/log/pure-ftpd/transfer.log
AnonymousCantUpload yes
AntiWarez yes
AutoRename yes
CreateHomeDir yes
Daemonize yes
DisplayDotFiles no
DontResolve yes
FortunesFile /etc/pure-ftpd/conf/.banner
FSCharset UTF-8
IPV4Only yes
KeepAllFiles yes
LDAPConfigFile /etc/pure-ftpd/db/ldap.conf
MinUID 1000
NoAnonymous no
NoChmod yes
NoRename yes
PAMAuthentication no
PassivePortRange 1 000 010 600
ProhibitDotFilesRead yes
ProhibitDotFilesWrite yes
PureDB /etc/pure-ftpd/pureftpd.pdb
TLS 3
Umask 337 337
UnixAuthentication no
VerboseLog yes

Virtual users are chrooted :
test1:$1$hzsp30D0$bknAXCxCr1xL78SwaROOU1:1002:1001::/ftp/./test1/./::::::::::::
Its system account is :
vi /etc/passwd
ftptest1:x:1002:1001::/dev/null:/etc

Client is using :
Filezilla 3.7.3 within Windows 7.

PROBLEM

For our business with partners, we have to protect data uploaded because no modifications have to be done once released on binaries.
So deleting is not permitted, rewrite also in order to protect original data. Rights are also modified once uploaded (see umask 337 337)…
All works fine until the following :

If you upload the same file again (account test1), and choose « resume » within Filezilla, you first get a critical error BUT the file is deleted.
Then you’re able to upload a file with same name and we are in fault regarding the protection of original data uploaded…

Let me know if you need more details…

Stefan Hornburg (Racke) (racke) wrote : Re: [Bug 1276144] [NEW] Pure-ftpd overwrite protection does not work if resume is used

On 02/04/2014 02:07 PM, Nicolas Le Bihan wrote:
> Public bug reported:
>
> Hi,
>
> It seems that there is a bug about the overwrite protection.
>
> Server is :
> Distributor ID: Ubuntu
> Description: Ubuntu 12.04.4 LTS
> Release: 12.04
> Codename: precise
>
>
> Pure-Ftpd installed is :
> rc pure-ftpd 1.0.35-1 Secure and efficient FTP server
> ii pure-ftpd-common 1.0.35-1 Pure-FTPd FTP server (Common Files)
> ii pure-ftpd-ldap 1.0.35-1 Secure and efficient FTP server with LDAP user authentication
>
>
> Options are :
> AltLog clf:/var/log/pure-ftpd/transfer.log
> AnonymousCantUpload yes
> AntiWarez yes
> AutoRename yes
> CreateHomeDir yes
> Daemonize yes
> DisplayDotFiles no
> DontResolve yes
> FortunesFile /etc/pure-ftpd/conf/.banner
> FSCharset UTF-8
> IPV4Only yes
> KeepAllFiles yes
> LDAPConfigFile /etc/pure-ftpd/db/ldap.conf
> MinUID 1000
> NoAnonymous no
> NoChmod yes
> NoRename yes
> PAMAuthentication no
> PassivePortRange 1 000 010 600
> ProhibitDotFilesRead yes
> ProhibitDotFilesWrite yes
> PureDB /etc/pure-ftpd/pureftpd.pdb
> TLS 3
> Umask 337 337
> UnixAuthentication no
> VerboseLog yes
>
>
> Virtual users are chrooted :
> test1:$1$hzsp30D0$bknAXCxCr1xL78SwaROOU1:1002:1001::/ftp/./test1/./::::::::::::
> Its system account is :
> vi /etc/passwd
> ftptest1:x:1002:1001::/dev/null:/etc
>
>
> Client is using :
> Filezilla 3.7.3 within Windows 7.
>
>
> PROBLEM
>
> For our business with partners, we have to protect data uploaded because no modifications have to be done once released on binaries.
> So deleting is not permitted, rewrite also in order to protect original data. Rights are also modified once uploaded (see umask 337 337)…

Deletion is an operation which affects the directory, thus the file permissions don't matter.
Maybe you need file system ACLs in your use case.

Regards
 Racke

--
LinuXia Systems => http://www.linuxia.de/
Expert Interchange Consulting and System Administration
ICDEVGROUP => http://www.icdevgroup.org/
Interchange Development Team
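
The point in the reply above, as an added example that is not part of the original thread: a file created under the reported file umask 337 is read-only (0440), yet its owner can still remove it while the parent directory is writable. The audit below reports such files from mode bits alone; the directory names `test1`/`locked`, the file name `release.bin` and the function names are constructed for illustration.

```python
import os
import stat
import tempfile

def upload_mode(umask_bits=0o337):
    """Mode a new upload gets: 0666 masked by the umask (0440 for 337)."""
    return 0o666 & ~umask_bits

def owner_can_unlink(path):
    """Can the file's owner remove `path`, judging by mode bits alone?

    unlink(2) needs write+search permission on the parent directory and
    ignores the file's own mode. The sticky bit would not change the
    answer, because it still lets a file's owner delete that file.
    """
    f = os.lstat(path)
    d = os.stat(os.path.dirname(os.path.abspath(path)))
    if f.st_uid == d.st_uid:
        need = stat.S_IWUSR | stat.S_IXUSR
    elif f.st_gid == d.st_gid:  # assumption: file group is the owner's group
        need = stat.S_IWGRP | stat.S_IXGRP
    else:
        need = stat.S_IWOTH | stat.S_IXOTH
    return (d.st_mode & need) == need

def audit(root):
    """Relative paths of owner-read-only files their owner can still delete."""
    hits = []
    for base, _dirs, files in os.walk(root):
        for name in files:
            p = os.path.join(base, name)
            read_only = not (os.lstat(p).st_mode & stat.S_IWUSR)
            if read_only and owner_can_unlink(p):
                hits.append(os.path.relpath(p, root))
    return sorted(hits)

def demo():
    """Constructed tree: one writable upload dir, one with write removed."""
    with tempfile.TemporaryDirectory() as root:
        for sub, dir_mode in (("test1", 0o755), ("locked", 0o555)):
            os.mkdir(os.path.join(root, sub))
            path = os.path.join(root, sub, "release.bin")
            open(path, "wb").close()
            os.chmod(path, upload_mode())
            os.chmod(os.path.join(root, sub), dir_mode)
        try:
            return audit(root)
        finally:
            os.chmod(os.path.join(root, "locked"), 0o755)  # allow cleanup
```

Only the file under the writable directory is reported; the check reads mode bits and does not model ACLs or what the FTP daemon itself allows.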

Nicolas Le Bihan (q-nicolas) wrote :

If I'm right, such a KeepAllFiles option to yes should prevent any deletion.

In fact most of the time it is. When I tried to overwrite a file it was doing its job by refusing, when trying to delete also.

But, when you're doing a resume of an upload (via Filezilla for example), even if the file is already completely uploaded, this does not matter, an error happens notifying that you do not have the right to do it, BUT file is deleted.

So at the end, the KeepAllFiles option is not preventing file modification (file is deleted).

I'm talking about the pureftpd internal stuff, not the file system protection.
Umask was only used to permit other ftp accounts to read only data when not in their own directory.

According to me, the problem is within pure-ftpd and how it works with KeepAllFiles option when used and about resuming function that can lead to bypassing the KeepAllFiles protection.
