Focal verification 1. Repro issue root@f:~# apt install lftp vsftpd Reading package lists... Done Building dependency tree Reading state information... Done The following additional packages will be installed: ssl-cert Suggested packages: openssl-blacklist The following NEW packages will be installed: lftp ssl-cert vsftpd 0 upgraded, 3 newly installed, 0 to remove and 0 not upgraded. Need to get 695 kB of archives. After this operation, 2098 kB of additional disk space will be used. Do you want to continue? [Y/n] Y Get:1 http://archive.ubuntu.com/ubuntu focal/main amd64 lftp amd64 4.8.4-2build3 [563 kB] Get:2 http://archive.ubuntu.com/ubuntu focal/main amd64 ssl-cert all 1.0.39 [17.0 kB] Get:3 http://archive.ubuntu.com/ubuntu focal-updates/main amd64 vsftpd amd64 3.0.5-0ubuntu0.20.04.1 [115 kB] Fetched 695 kB in 1s (841 kB/s) Preconfiguring packages ... Selecting previously unselected package lftp. (Reading database ... 32221 files and directories currently installed.) Preparing to unpack .../lftp_4.8.4-2build3_amd64.deb ... Unpacking lftp (4.8.4-2build3) ... Selecting previously unselected package ssl-cert. Preparing to unpack .../ssl-cert_1.0.39_all.deb ... Unpacking ssl-cert (1.0.39) ... Selecting previously unselected package vsftpd. Preparing to unpack .../vsftpd_3.0.5-0ubuntu0.20.04.1_amd64.deb ... Unpacking vsftpd (3.0.5-0ubuntu0.20.04.1) ... Setting up lftp (4.8.4-2build3) ... Setting up ssl-cert (1.0.39) ... Setting up vsftpd (3.0.5-0ubuntu0.20.04.1) ... Created symlink /etc/systemd/system/multi-user.target.wants/vsftpd.service → /lib/systemd/system/vsftpd.service. Processing triggers for systemd (245.4-4ubuntu3.23) ... Processing triggers for man-db (2.9.1-1) ... Processing triggers for mime-support (3.64ubuntu1) ... root@f:~# sed -i.old '1 i\account optional pam_exec.so debug quiet /root/foo.sh\' /etc/pam.d/vsftpd root@f:~# cat > /root/foo.sh << EOF > #!/bin/bash > /bin/true > touch /tmp/brooks-was-here > /bin/true > EOF root@f:~# chmod +x /root/foo.sh root@f:~# sed -i -s -e 's/ssl_enable=NO/ssl_enable=YES/' /etc/vsftpd.conf root@f:~# systemctl restart vsftpd.service root@f:~# echo foobar > /home/ubuntu/egal root@f:~# echo 'ubuntu:ubuntu' | chpasswd root@f:~# lftp 127.0.0.1 lftp 127.0.0.1:~> set ftp:ssl-force true lftp 127.0.0.1:~> set ssl:verify-certificate false lftp 127.0.0.1:~> login ubuntu ubuntu lftp ubuntu@127.0.0.1:~> dir `ls' at 0 [Sending commands...] => hang 2. Install and verify fix root@f:~# cat </etc/apt/sources.list.d/ubuntu-$(lsb_release -cs)-proposed.list > # Enable Ubuntu proposed archive > deb http://archive.ubuntu.com/ubuntu/ $(lsb_release -cs)-proposed restricted main multiverse universe > EOF root@f:~# apt update Hit:1 http://archive.ubuntu.com/ubuntu focal InRelease Hit:2 http://archive.ubuntu.com/ubuntu focal-updates InRelease Hit:3 http://archive.ubuntu.com/ubuntu focal-backports InRelease Get:4 http://archive.ubuntu.com/ubuntu focal-proposed InRelease [277 kB] Hit:5 http://security.ubuntu.com/ubuntu focal-security InRelease Get:6 http://archive.ubuntu.com/ubuntu focal-proposed/restricted amd64 Packages [474 kB] Get:7 http://archive.ubuntu.com/ubuntu focal-proposed/restricted Translation-en [65.0 kB] Get:8 http://archive.ubuntu.com/ubuntu focal-proposed/restricted amd64 c-n-f Metadata [420 B] Get:9 http://archive.ubuntu.com/ubuntu focal-proposed/main amd64 Packages [343 kB] Get:10 http://archive.ubuntu.com/ubuntu focal-proposed/main Translation-en [70.3 kB] Get:11 http://archive.ubuntu.com/ubuntu focal-proposed/main amd64 c-n-f Metadata [2156 B] Get:12 http://archive.ubuntu.com/ubuntu focal-proposed/multiverse amd64 Packages [7460 B] Get:13 http://archive.ubuntu.com/ubuntu focal-proposed/multiverse Translation-en [2348 B] Get:14 http://archive.ubuntu.com/ubuntu focal-proposed/multiverse amd64 c-n-f Metadata [312 B] Get:15 http://archive.ubuntu.com/ubuntu focal-proposed/universe amd64 Packages [58.4 kB] Get:16 http://archive.ubuntu.com/ubuntu focal-proposed/universe Translation-en [27.5 kB] Get:17 http://archive.ubuntu.com/ubuntu focal-proposed/universe amd64 c-n-f Metadata [2912 B] Fetched 1330 kB in 1s (1174 kB/s) Reading package lists... Done Building dependency tree Reading state information... Done 38 packages can be upgraded. Run 'apt list --upgradable' to see them. root@f:~# apt install lftp vsftpd Reading package lists... Done Building dependency tree Reading state information... Done lftp is already the newest version (4.8.4-2build3). The following packages will be upgraded: vsftpd 1 upgraded, 0 newly installed, 0 to remove and 37 not upgraded. Need to get 115 kB of archives. After this operation, 0 B of additional disk space will be used. Do you want to continue? [Y/n] Y Get:1 http://archive.ubuntu.com/ubuntu focal-proposed/main amd64 vsftpd amd64 3.0.5-0ubuntu0.20.04.2 [115 kB] Fetched 115 kB in 1s (229 kB/s) Preconfiguring packages ... (Reading database ... 32310 files and directories currently installed.) Preparing to unpack .../vsftpd_3.0.5-0ubuntu0.20.04.2_amd64.deb ... Unpacking vsftpd (3.0.5-0ubuntu0.20.04.2) over (3.0.5-0ubuntu0.20.04.1) ... Setting up vsftpd (3.0.5-0ubuntu0.20.04.2) ... vsftpd user (ftp) already exists, doing nothing. vsftpd directory (/srv/ftp) already exists, doing nothing. Processing triggers for man-db (2.9.1-1) ... Processing triggers for systemd (245.4-4ubuntu3.23) ... root@f:~# systemctl status vsftpd ● vsftpd.service - vsftpd FTP server Loaded: loaded (/lib/systemd/system/vsftpd.service; enabled; vendor preset: enabled) Active: active (running) since Mon 2024-08-05 05:58:53 UTC; 12s ago Main PID: 2379 (vsftpd) Tasks: 1 (limit: 38263) Memory: 876.0K CPU: 8ms CGroup: /system.slice/vsftpd.service └─2379 /usr/sbin/vsftpd /etc/vsftpd.conf Aug 05 05:58:53 f systemd[1]: Starting vsftpd FTP server... Aug 05 05:58:53 f systemd[1]: Started vsftpd FTP server. root@f:~# lftp 127.0.0.1 lftp 127.0.0.1:~> set ftp:ssl-force true lftp 127.0.0.1:~> set ssl:verify-certificate false lftp 127.0.0.1:~> login ubuntu ubuntu lftp ubuntu@127.0.0.1:~> dir -rw-r--r-- 1 0 0 7 Aug 05 05:55 egal lftp ubuntu@127.0.0.1:~> get egal 7 bytes transferred lftp ubuntu@127.0.0.1:~> exit root@f:~# ll egal -rw-r--r-- 1 root root 7 Aug 5 05:55 egal