vsftpd listen=... change of default

Solar Designer solar at openwall.com
Thu Jul 16 18:52:02 PDT 2009


Hi,

As some of you may be aware, but most probably are not, vsftpd version
2.1.0 changed the default for the "listen" option from NO to YES,
meaning that vsftpd would default to IPv4 standalone mode rather than
to inetd mode.  This broke package upgrades (from 2.0.7 and earlier to
2.1.0 and newer), and not all kinds of breakage could reasonably be
addressed with things such as pre/post-install scripts and triggers.

At first, we had tried to address this in our package in some way while
accepting upstream's change of default, but we quickly realized that we
just could not.  So we had to disagree and were reverting the default
with a patch for a little while (we only updated from 2.0.6 to 2.1.1 at
the end of May), at the same time adding the new command-line option
"-o", much like one found in ssh/sshd, to pass those (arbitrary) config
file options from the command-line.

Now, the reason why I am writing to Distributions@ is to inform you all
that I finally managed to convince Chris Evans to revert the default,
which he did in 2.2.0pre3.  This was for several reasons, including our
guesstimate that the majority of the vsftpd userbase have not updated to
2.1.0+ yet (even if newest revisions of some distro packages have, then
most users have not installed those yet), so reverting the default will
irritate fewer people than keeping the new default of listen=YES would.

Thus, my advice to distros is to "skip over" this change of default (for
those who have not updated to 2.1.0 .. 2.2.0pre2 yet) - just wait till
2.2.0 is released - or revert the default in your current packages of
the "affected" versions as well (and do it sooner rather than later such
that fewer of your users are inconvenienced when you update to 2.2.0+).

A positive outcome of all of this is that vsftpd is now getting a
variation of "-o", which will be handy on many occasions, including the
ability to specify the listen setting from the command-line explicitly
(e.g., set listen=NO in an xinetd config file, but listen=YES in a SysV
init script).

vsftpd homepage:
http://vsftpd.beasts.org

downloads (including 2.2.0pre3):
ftp://vsftpd.beasts.org/users/cevans/

Alexander Peslyak <solar at openwall.com>
GPG key ID: 5B341F15  fp: B3FB 63F4 D7A3 BCCC 6F6E  FC55 A2FC 027C 5B34 1F15
http://www.openwall.com - bringing security into open computing environments
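
Added example, not part of the original message and not Openwall or vsftpd code: a packaging-time check that reports whether a vsftpd config pins "listen" explicitly or inherits whichever built-in default the installed version ships. The sample configs are constructed; the assumptions are that config lines are option=value with no spaces around "=", that the last setting wins, and that YES/TRUE/1 and NO/FALSE/0 are the accepted boolean spellings.

```shell
#!/bin/sh
# Added example (not from the original post): does a vsftpd config depend on
# the built-in default for "listen", which changed between releases?

# Print the normalised explicit "listen" value (YES/NO) from config file $1,
# or nothing if the option is not set. Assumptions: lines are option=value
# with no spaces around "=", "#" lines are comments, the last setting wins.
explicit_listen() {
    val=$(sed -n 's/^listen=//p' "$1" | tail -n 1 | tr -d '\r' | tr '[:lower:]' '[:upper:]')
    case "$val" in
        YES|TRUE|1) echo YES ;;
        NO|FALSE|0) echo NO ;;
    esac
}

# Print the effective listen mode for config $1 given built-in default $2.
effective_listen() {
    val=$(explicit_listen "$1")
    echo "${val:-$2}"
}

# Exit status 0 if the start-up mode is pinned in the config, 1 if an
# upgrade across the default change would silently switch modes.
listen_is_pinned() {
    [ -n "$(explicit_listen "$1")" ]
}

# Run the check over two constructed sample configs.
demo() {
    dir=$(mktemp -d) || return 1
    printf '# inetd-era config\nanonymous_enable=NO\nlocal_enable=YES\n' > "$dir/implicit.conf"
    printf 'anonymous_enable=NO\nlisten=NO\n' > "$dir/pinned.conf"
    for f in "$dir/implicit.conf" "$dir/pinned.conf"; do
        if listen_is_pinned "$f"; then state=pinned; else state=DEPENDS-ON-DEFAULT; fi
        echo "$(basename "$f"): $state" \
             "default=NO -> listen=$(effective_listen "$f" NO)," \
             "default=YES -> listen=$(effective_listen "$f" YES)"
    done
    rm -rf "$dir"
}
demo
```

A config reported as DEPENDS-ON-DEFAULT is one where an inetd/xinetd-launched vsftpd would come up in standalone mode after an upgrade to a listen=YES-default version.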

