tftpd and paths...

John F. Kohler jkohler2 at earthlink.net
Tue Sep 7 08:00:26 PDT 1999


and...I don't understand the answer.

..lots to learn..
John
Mike wrote:
> 
> Yeah,
> 
> It would be bad for security if anyone could tftp any file from your box
> without authentication. If you actually DID serve from the "/" root of
> your machine, this could allow them to grab your /etc/passwd file.
> Locate, or check to see if your tftp daemon support a "chroot" to a new
> directory. The common one used by tftp in slackware and debian (probably
> RH) is /boot
> 
> That is where they often locate kernels, and special boot images for
> network booting machines that are diskless (etc.)
> 
> See if you can tell tftp that its root directory is "/boot" or some other
> location where you wich to serve files...
> 
> This may allow it to function as you wish.
> 
> If you find that their tftpd does not work as you wish, there are 3 tftp
> daemons that I have found in the past with different security.. try one of
> those. (One or two were found at sunsite....)
> 
> Good luck.
> 
> -M
> 
> On Mon, 6 Sep 1999, Dustin Mollo wrote:
> 
> > Date: Mon, 06 Sep 1999 20:24:56 -0700
> > From: Dustin Mollo <dustin at sonic.net>
> > Reply-To: nblug-talk at lists.sonic.net
> > To: NBLUG Discussion List <nblug-talk at lists.sonic.net>
> > Subject: tftpd and paths...
> >
> > Hey all.  I've got a tftp(d) question that I'm hoping someone out there has
> > dealt with.
> >
> > RH 6.0, with tftp 0.10.  I'm trying to netboot a box, and the box insists on
> > putting a slash at the beginning of the kernel name even when I type it in
> > w/o one.  For some reason, the tftp server sees this as a bad thing
> > (probably some sort of security thing that I'm just completely not seeing)
> > and refuses to serve the file.
> >
> > I've tested it using the command line tool that comes with the server, and
> > I'm able to grab the kernel image as long as I don't prepend a slash.
> >
> > Has anyone out there dealt with this, and if so, do you have a solution
> > other than finding another OS to boot off of? :)
> >
> > -Dustin
> >
> > --
> > Founder & President
> > The North Bay Linux Users' Group
> > http://www.nblug.org/
> > dustin at nblug.org
> >



More information about the talk mailing list