# Proftpd jail chroot after update



## dweet (Jan 6, 2012)

Hi everybody,

I have some problems with proftpd-mysql in my jail environment. After upgrading from ports to 1.3.3g I can't get the server working. When I start my service I can't log with any user even though everything was configured properly cause it worked before upgrade. I checked logs and found a system error complaining about chroot:


```
Jan 06 09:41:30 <host> proftpd[59138] <addr>: Preparing to chroot to directory '/usr/home/ftp/anonymous'
Jan 06 09:41:30 <host> proftpd[59138] <addr>: error: FreeBSD with vulnerable chroot (FreeBSD-SA-11:07.chroot)
Jan 06 09:41:30 <host> proftpd[59138] <addr>: chroot to '/usr/home/ftp/anonymous' failed for user 'ftp': Operation not permitted
Jan 06 09:41:30 <host> proftpd[59138] <addr>: error: unable to set anonymous privileges
```
I checked out UPDATING and followed steps to update sources to STABLE branch, recompiled world, kernel and all ports. I'm using ezjail so I ran *ezjail-admin update -i* and then started jail again but the problem still occurs. I've been told that there's a workaround to disable chroot but it's my production system and I shouldn't let others see server's folder structure.

Any help would be appreciated.


----------



## SirDice (Jan 6, 2012)

What version of FreeBSD are you running? Post the output of `$ uname -a`


----------



## dweet (Jan 7, 2012)

```
FreeBSD <host> 8.2-STABLE FreeBSD 8.2-STABLE #4: Wed Jan  4 12:43:13 CET 2012     
root@<host>:/usr/obj/usr/src/sys/dCustom  i386
```


----------



## SirDice (Jan 9, 2012)

Make sure your source tree has been updated after 23-12-2011 (and you installed world from those sources).

http://security.freebsd.org/advisories/FreeBSD-SA-11:07.chroot.asc

If that still causes problems it would appear proftpd isn't detecting it properly. You can try contacting the port's maintainer or file a PR.


----------



## dweet (Jan 9, 2012)

I did all of this above and it didn't work. I tried patching kernel and even copying libc.so from main system to jail without any success. Guess it's not a kernel or system error.


----------



## Paulxp (Jan 10, 2012)

I have the same Issue on this version:

```
FreeBSD 8.2-RELEASE FreeBSD 8.2-RELEASE #0: Sat Oct 29 12:38:29 CEST 2011
```


----------



## SirDice (Jan 10, 2012)

dweet said:
			
		

> Guess it's not a kernel or system error.


As far as I can tell the check is done by proftpd itself. The error probably would need to be fixed upstream.


----------



## SirDice (Jan 10, 2012)

Paulxp said:
			
		

> I have the same Issue on this version:
> 
> ```
> FreeBSD 8.2-RELEASE FreeBSD 8.2-RELEASE #0: Sat Oct 29 12:38:29 CEST 2011
> ```



And there it's correct. Your version of FreeBSD contains a security vulnerability (actually multiple, so update as soon as possible).

http://security.freebsd.org/advisories/FreeBSD-SA-11:07.chroot.asc


----------

