burnleyvic
Regular Pleskian
CentOS 5.7 and 6.2, x86_64, Plesk 10.4.4 MU20
It all started one day when we decided to offer sftp support to our customers. We knew for a fact that proftpd packages shipped by Atomic do offer out-of-the-box sftp support after installing psa-proftpd-mod_sftp package, so we thought we'll be safe with this repo. All good, but all of a sudden the sftp support dissapeared, the reason for this being Plesk's microupdates system, which is overwriting files as part of so-called security updates.
Plesk's microupdate 4 is patching a 1.3.4a installation with a 1.3.3e file. What's worse is that Plesk's proftpd binary is buit without DSO support! Please check the behaviour of your own binary, as opposed to Atomic's one:
--- Plesk binaries ---
md5sum /root/parallels/PSA_10.3.1/microupdates/MU16/dist-rpm-CentOS-5-x86_64/proftpd /root/parallels/PSA_10.4.4/microupdates/MU4/dist-rpm-CentOS-5-x86_64/proftpd
e614b004db1991eedd4b136549756a9c /root/parallels/PSA_10.3.1/microupdates/MU16/dist-rpm-CentOS-5-x86_64/proftpd
e614b004db1991eedd4b136549756a9c /root/parallels/PSA_10.4.4/microupdates/MU4/dist-rpm-CentOS-5-x86_64/proftpd
ls -l /root/parallels/PSA_10.3.1/microupdates/MU16/dist-rpm-CentOS-5-x86_64/proftpd /root/parallels/PSA_10.4.4/microupdates/MU4/dist-rpm-CentOS-5-x86_64/proftpd
-rwxr-xr-x 1 root root 2157543 Dec 7 16:14 /root/parallels/PSA_10.3.1/microupdates/MU16/dist-rpm-CentOS-5-x86_64/proftpd
-rwxr-xr-x 1 root root 2157543 Mar 5 21:22 /root/parallels/PSA_10.4.4/microupdates/MU4/dist-rpm-CentOS-5-x86_64/proftpd
So, we've got the same binary for 10.3.1 MU16 and 10.4.4 MU4. Now:
/root/parallels/PSA_10.3.1/microupdates/MU16/dist-rpm-CentOS-5-x86_64/proftpd -v
ProFTPD Version 1.3.3e
/root/parallels/PSA_10.3.1/microupdates/MU16/dist-rpm-CentOS-5-x86_64/proftpd -vv
- Fatal: unknown configuration directive 'LoadModule' on line 2 of '/etc/proftpd-sftp.conf'
/root/parallels/PSA_10.3.1/microupdates/MU16/dist-rpm-CentOS-5-x86_64/proftpd -l
Compiled-in modules:
mod_core.c
mod_xfer.c
mod_auth_unix.c
mod_auth_file.c
mod_auth.c
mod_ls.c
mod_log.c
mod_site.c
mod_delay.c
mod_facts.c
mod_ident.c
mod_auth_pam.c
mod_ratio.c
mod_readme.c
mod_quotatab.c
mod_quotatab_file.c
mod_tls.c
mod_cap.c
mod_lang.c
No DSO support here.
--- Atomic binary on a repaired proftpd installation ---
/usr/sbin/proftpd -v
ProFTPD Version 1.3.4a
/usr/sbin/proftpd -vv
ProFTPD Version: 1.3.4a (maint)
Scoreboard Version: 01040003
Built: Mon Nov 14 2011 09:46:01 EST
Loaded modules:
mod_sftp/0.9.8
mod_ctrls/0.9.4
mod_ifsession/1.1
mod_cap/1.1
mod_dnsbl/0.1.3
mod_auth_pam/1.1
mod_readme/1.0
mod_tls/2.4.3
mod_quotatab_file.c
mod_quotatab/1.3.0
mod_clamav.c
mod_ident/1.0
mod_dso/0.5
mod_facts/0.3
mod_delay/0.7
mod_site.c
mod_log.c
mod_ls.c
mod_auth.c
mod_auth_file/0.9
mod_auth_unix.c
mod_xfer.c
mod_core.c
/usr/sbin/proftpd -l
Compiled-in modules:
mod_core.c
mod_xfer.c
mod_auth_unix.c
mod_auth_file.c
mod_auth.c
mod_ls.c
mod_log.c
mod_site.c
mod_delay.c
mod_facts.c
mod_dso.c
mod_ident.c
mod_clamav.c
mod_quotatab.c
mod_quotatab_file.c
mod_tls.c
mod_readme.c
mod_auth_pam.c
mod_dnsbl.c
mod_cap.c
mod_ifsession.c
mod_ctrls.c
It all started one day when we decided to offer sftp support to our customers. We knew for a fact that proftpd packages shipped by Atomic do offer out-of-the-box sftp support after installing psa-proftpd-mod_sftp package, so we thought we'll be safe with this repo. All good, but all of a sudden the sftp support dissapeared, the reason for this being Plesk's microupdates system, which is overwriting files as part of so-called security updates.
Plesk's microupdate 4 is patching a 1.3.4a installation with a 1.3.3e file. What's worse is that Plesk's proftpd binary is buit without DSO support! Please check the behaviour of your own binary, as opposed to Atomic's one:
--- Plesk binaries ---
md5sum /root/parallels/PSA_10.3.1/microupdates/MU16/dist-rpm-CentOS-5-x86_64/proftpd /root/parallels/PSA_10.4.4/microupdates/MU4/dist-rpm-CentOS-5-x86_64/proftpd
e614b004db1991eedd4b136549756a9c /root/parallels/PSA_10.3.1/microupdates/MU16/dist-rpm-CentOS-5-x86_64/proftpd
e614b004db1991eedd4b136549756a9c /root/parallels/PSA_10.4.4/microupdates/MU4/dist-rpm-CentOS-5-x86_64/proftpd
ls -l /root/parallels/PSA_10.3.1/microupdates/MU16/dist-rpm-CentOS-5-x86_64/proftpd /root/parallels/PSA_10.4.4/microupdates/MU4/dist-rpm-CentOS-5-x86_64/proftpd
-rwxr-xr-x 1 root root 2157543 Dec 7 16:14 /root/parallels/PSA_10.3.1/microupdates/MU16/dist-rpm-CentOS-5-x86_64/proftpd
-rwxr-xr-x 1 root root 2157543 Mar 5 21:22 /root/parallels/PSA_10.4.4/microupdates/MU4/dist-rpm-CentOS-5-x86_64/proftpd
So, we've got the same binary for 10.3.1 MU16 and 10.4.4 MU4. Now:
/root/parallels/PSA_10.3.1/microupdates/MU16/dist-rpm-CentOS-5-x86_64/proftpd -v
ProFTPD Version 1.3.3e
/root/parallels/PSA_10.3.1/microupdates/MU16/dist-rpm-CentOS-5-x86_64/proftpd -vv
- Fatal: unknown configuration directive 'LoadModule' on line 2 of '/etc/proftpd-sftp.conf'
/root/parallels/PSA_10.3.1/microupdates/MU16/dist-rpm-CentOS-5-x86_64/proftpd -l
Compiled-in modules:
mod_core.c
mod_xfer.c
mod_auth_unix.c
mod_auth_file.c
mod_auth.c
mod_ls.c
mod_log.c
mod_site.c
mod_delay.c
mod_facts.c
mod_ident.c
mod_auth_pam.c
mod_ratio.c
mod_readme.c
mod_quotatab.c
mod_quotatab_file.c
mod_tls.c
mod_cap.c
mod_lang.c
No DSO support here.
--- Atomic binary on a repaired proftpd installation ---
/usr/sbin/proftpd -v
ProFTPD Version 1.3.4a
/usr/sbin/proftpd -vv
ProFTPD Version: 1.3.4a (maint)
Scoreboard Version: 01040003
Built: Mon Nov 14 2011 09:46:01 EST
Loaded modules:
mod_sftp/0.9.8
mod_ctrls/0.9.4
mod_ifsession/1.1
mod_cap/1.1
mod_dnsbl/0.1.3
mod_auth_pam/1.1
mod_readme/1.0
mod_tls/2.4.3
mod_quotatab_file.c
mod_quotatab/1.3.0
mod_clamav.c
mod_ident/1.0
mod_dso/0.5
mod_facts/0.3
mod_delay/0.7
mod_site.c
mod_log.c
mod_ls.c
mod_auth.c
mod_auth_file/0.9
mod_auth_unix.c
mod_xfer.c
mod_core.c
/usr/sbin/proftpd -l
Compiled-in modules:
mod_core.c
mod_xfer.c
mod_auth_unix.c
mod_auth_file.c
mod_auth.c
mod_ls.c
mod_log.c
mod_site.c
mod_delay.c
mod_facts.c
mod_dso.c
mod_ident.c
mod_clamav.c
mod_quotatab.c
mod_quotatab_file.c
mod_tls.c
mod_readme.c
mod_auth_pam.c
mod_dnsbl.c
mod_cap.c
mod_ifsession.c
mod_ctrls.c