When running for a while I saw multiple (around 4) proftpd processes
running with nobody connected to them, but they were using all processor
power. I did a strace -p <pid> of such a process and it repeatedly
called something (can't remember which one...). (Note that my server
isn't too busy; I can imagine others having much more than 4 processes
after a little while.)

I'm not sure what caused these processes to exist. Maybe in certain
situations of disconnects they get there...

Because they were slowing down my server a lot I upgraded proftpd (by
compiling from source) to version 1.3.0rc5. That fixed it all.

Security impact: denial of service (by spawning a lot of those processes
which makes the server unresponsive).

I also saw some segfaults now and then with proftpd... I'm not sure
whether this segfault is related to the cpu consuming leftover. Perhaps
it's the same (or related) bug.

I hope proftpd gets updated soon...

Alex

Athanasius wrote:
>   I'm seeing these on-disconnect SEGVs with 1.2.10-15sarge1.0.1.  I see
> from the discussion here that it's a known issue, and at least some such
> issues are fixed in a later version (presumably in testing/unstable).
> 
>   Any word on possible security impact of this?
> 
> -Ath


