[1477] in linux-security and linux-alert archive

home help back first fref pref prev next nref lref last post

[linux-security] "Secure" tftpd source for Linux?

daemon@ATHENA.MIT.EDU (Ben Cantrick (alias Macky Stingray)
Sun Mar 23 06:52:18 1997

From: Ben Cantrick (alias Macky Stingray) <cantrick@rintintin.Colorado.EDU>
To: linux-security@redhat.com
Date: Sat, 22 Mar 1997 17:52:12 -0700 (MST)
Resent-From: linux-security@redhat.com
Reply-To: linux-security@redhat.com


  I've been poking around my system, and realized that having a tftp server
would be handy. (I'm working with cisco routers, which have the capability to
up and download configuration images via tftp.)

  However, I'm not content with the usual tftpd that comes with Linux. The
whole "specify each directory you want" scheme is cock-eyed to me. I'd
prefer a tftp server more like the ones I've seen on Sun and HPUX machines.
That type chroot()'s to a "secure" (and I use the term loosely) directory
just after it starts up. 


  I've modified and started using a tftpd that starts up and then chroots
to the directory specified by the first command line argument, or "/var/tftp".
Then, it jettisons root privledges in favor of nobody/nogroup and goes on
its way.

  It's a cute little hack, and it seems to work. But I am convinced that
someone must have seen the need and done this before. My extended forays
into the web via several search engines have failed to turn up anything
relevant. So I'm curious if anyone on the list knows of (or better, has)
freely distributable source for a "secure" tftpd.

  If not, I'll probably polish mine up a bit and then start asking people
for evaluations of the code. If it passes, I'll toss it up on my web page
and give it away to anyone who wants it.


          -Ben
-- 
=---------     http://ucsu.colorado.edu/~cantrick/home.html     -------------=
*Ben Cantrick, diehard BGC otaku and Priss fan.  ---> THE BGC DUBS SUCK! <---*


home help back first fref pref prev next nref lref last post