The ebuild for net-ftp/proftpd 1.2.9_rc2 has a bug in it that causes the AllowOverwrite directive to be ignored, thus not allowing remote FTP users to overwrite existing files. This has been fixed in version 1.2.9_rc3. The proftpd ebuild needs to be updated to the new version. Reproducible: Always Steps to Reproduce: 1. Use the AllowOverwrite directive in your config file 2. Using an ftp client, try to overwrite an existing file on your server. Actual Results: It will fail with the error "error 550 overwrite permission denied". With certain FPT clients, the existing file you are trying to overwrite is deleted and you have neither the new nor the old version of the file on the server. Expected Results: Allowed you to overwrite your existing file with the new one.
Whoops, forgot to add `emerge info` output: scoobysnacks root # emerge info Portage 2.0.49-r13 (default-x86-1.4, gcc-3.2.3, glibc-2.3.2-r1, 2.4.20-gentoo-r2) ================================================================= System uname: 2.4.20-gentoo-r2 i686 Intel(R) Pentium(R) 4 CPU 2.00GHz Gentoo Base System version 1.4.3.10p1 ACCEPT_KEYWORDS="x86" AUTOCLEAN="yes" CFLAGS="-O2 -mcpu=i686 -pipe" CHOST="i686-pc-linux-gnu" COMPILER="gcc3" CONFIG_PROTECT="/etc /var/qmail/control /usr/share/config /usr/kde/2/share/config /usr/kde/3/share/config" CONFIG_PROTECT_MASK="/etc/gconf /etc/env.d" CXXFLAGS="-O2 -mcpu=i686 -pipe" DISTDIR="/usr/portage/distfiles" FEATURES="sandbox ccache autoaddcvs" GENTOO_MIRRORS="http://gentoo.mirrors.pair.com/ http://gentoo.chem.wisc.edu/gentoo/ http://adelie.polymtl.ca/ http://gentoo.noved.org/" MAKEOPTS="-j2" PKGDIR="/usr/portage/packages" PORTAGE_TMPDIR="/var/tmp" PORTDIR="/usr/portage" PORTDIR_OVERLAY="" SYNC="rsync://rsync.gentoo.org/gentoo-portage" USE="x86 oss apm arts avi crypt encode foomaticdb gpm imlib kde gnome libg++ mad mikmod mpeg ncurses nls pdflib quicktime sdl spell svga xmms xv zlib gdbm berkdb slang readline tcpd libwww ssl perl python oggvorbis -X -opengl -motif -java -alsa -qt -gtk -cups mysql sasl png jpeg tiff truetype gif innodb maildir pam xml xml2 apache2"
proftpd-1.2.9_rc3 is now in portage which should address this issue. Please test and let me know if things work properly for you.
Tested proftpd-1.2.9_rc3. Seems to have fixed the problem and seems stable to me. Thanks for the quick action! Gentoo developers KICK ASS!
I'm not sure anyone will read this, but can someone tell me why, after this security issue, and the subsqeuent update, 1.2.9rc2 is still the unmasked version in portage? Why hasn't it been upgraded to r3, or even 1.2.9?
i have to agree with comment #4 1.2.9 has been out since the 31st of october... :-( best regards Thilo