tftpd and paths...

Mike dugan at libwais.sonoma.edu
Mon Sep 6 20:40:53 PDT 1999


Yeah,

It would be bad for security if anyone could tftp any file from your box
without authentication. If you actually DID serve from the "/" root of
your machine, this could allow them to grab your /etc/passwd file.
Locate, or check to see if your tftp daemon supports a "chroot" to a new
directory. The common one used by tftp in slackware and debian (probably
RH) is /boot.

That is where they often locate kernels, and special boot images for
network booting machines that are diskless (etc.)

See if you can tell tftp that its root directory is "/boot" or some other
location where you wish to serve files...

This may allow it to function as you wish.

If you find that their tftpd does not work as you wish, there are 3 tftp
daemons that I have found in the past with different security.. try one of
those. (One or two were found at sunsite....)

Good luck.

-M

On Mon, 6 Sep 1999, Dustin Mollo wrote:

> Date: Mon, 06 Sep 1999 20:24:56 -0700
> From: Dustin Mollo <dustin at sonic.net>
> Reply-To: nblug-talk at lists.sonic.net
> To: NBLUG Discussion List <nblug-talk at lists.sonic.net>
> Subject: tftpd and paths...
> 
> Hey all.  I've got a tftp(d) question that I'm hoping someone out there has
> dealt with.
> 
> RH 6.0, with tftp 0.10.  I'm trying to netboot a box, and the box insists on
> putting a slash at the beginning of the kernel name even when I type it in
> w/o one.  For some reason, the tftp server sees this as a bad thing
> (probably some sort of security thing that I'm just completely not seeing)
> and refuses to serve the file.
> 
> I've tested it using the command line tool that comes with the server, and
> I'm able to grab the kernel image as long as I don't prepend a slash.
> 
> Has anyone out there dealt with this, and if so, do you have a solution
> other than finding another OS to boot off of? :)
> 
> -Dustin
> 
> --
> Founder & President
> The North Bay Linux Users' Group
> http://www.nblug.org/
> dustin at nblug.org
> 
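The root-directory confinement suggested in the reply, sketched as an added example that is not part of the thread and is not the code of any tftp daemon mentioned in it: a request name is mapped under a served root so that a leading slash still resolves inside it, while `..` and symlink escapes are refused. This is a userspace approximation of what a chroot enforces; `resolve_request`, `RequestDenied` and the directory tree are hypothetical and constructed for the demonstration.

```python
import os
import tempfile

class RequestDenied(Exception):
    """Raised when a requested name does not resolve to a file under the root."""

def resolve_request(root, requested):
    """Map a TFTP request filename to a real path under root, or raise."""
    real_root = os.path.realpath(root)
    # A netboot client may send "/vmlinuz"; inside a chroot that means
    # "<root>/vmlinuz", so treat a leading slash as relative to the root.
    relative = requested.lstrip("/")
    if not relative or "\x00" in relative:
        raise RequestDenied(requested)
    # realpath collapses ".." and follows symlinks before the containment check.
    candidate = os.path.realpath(os.path.join(real_root, relative))
    if os.path.commonpath([real_root, candidate]) != real_root:
        raise RequestDenied(requested)
    if not os.path.isfile(candidate):
        raise RequestDenied(requested)
    return candidate

def demo():
    """Build a constructed directory tree and try several request names."""
    results = {}
    with tempfile.TemporaryDirectory() as base:
        root = os.path.join(base, "boot")        # constructed served root
        os.mkdir(root)
        with open(os.path.join(root, "vmlinuz"), "w") as f:
            f.write("kernel image placeholder")
        with open(os.path.join(base, "passwd"), "w") as f:  # outside the root
            f.write("constructed secret")
        # Symlink inside the root that points outside it.
        os.symlink(os.path.join(base, "passwd"), os.path.join(root, "link"))
        for name in ["vmlinuz", "/vmlinuz", "../passwd", "/../passwd", "link", "/"]:
            try:
                resolve_request(root, name)
                results[name] = "served"
            except RequestDenied:
                results[name] = "denied"
    return results

if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name!r}: {outcome}")
```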




