Several vsftpd config files are world-readable when they should be readable only by root for better security.
Fix permissions after extracting the rootfs
$ configure --enable-board=qemux86-64 --enable-rootfs=glibc_cgl --enable-kernel=cgl $ make $ tar jtvf export/qemux86-64-glibc-cgl-cgl-dist.tar.bz2 | grep vsftpd -rwxr-xr-x root/root 125 2013-05-09 06:37 ./etc/vsftpd.ftpusers lrwxrwxrwx root/root 0 2013-05-22 09:48 ./etc/rc1.d/K20vsftpd -> ../init.d/vsftpd -rw-r--r-- root/root 331 2013-05-09 06:37 ./etc/pam.d/vsftpd -rwxr-xr-x root/root 361 2013-05-09 06:37 ./etc/vsftpd.user_list -rwxr-xr-x root/root 947 2013-05-09 06:37 ./etc/init.d/vsftpd lrwxrwxrwx root/root 0 2013-05-22 09:48 ./etc/rc4.d/S20vsftpd -> ../init.d/vsftpd -rw-r--r-- root/root 106 2013-05-09 04:37 ./etc/logcheck/ignore.d.server/vsftpd lrwxrwxrwx root/root 0 2013-05-22 09:48 ./etc/rc3.d/S20vsftpd -> ../init.d/vsftpd lrwxrwxrwx root/root 0 2013-05-22 09:48 ./etc/rc0.d/K20vsftpd -> ../init.d/vsftpd lrwxrwxrwx root/root 0 2013-05-22 09:48 ./etc/rc2.d/S20vsftpd -> ../init.d/vsftpd lrwxrwxrwx root/root 0 2013-05-22 09:48 ./etc/rc6.d/K20vsftpd -> ../init.d/vsftpd -rwxr-xr-x root/root 5526 2013-05-09 06:37 ./etc/vsftpd.conf lrwxrwxrwx root/root 0 2013-05-22 09:48 ./etc/rc5.d/S20vsftpd -> ../init.d/vsftpd -rwxr-xr-x root/root 137512 2013-05-09 07:49 ./usr/sbin/vsftpd The files which should be changes are vsftpd.ftpusers, vsftpd.user_list and possibly vsftpd.conf. This is how it looked in WRL3: -rw------- 3 root root 125 Apr 19 09:09 ftpusers -rw------- 3 root root 361 Apr 19 09:09 user_list
