[1482] in linux-security and linux-alert archive

home help back first fref pref prev next nref lref last post

[linux-security] Re: "Secure" tftpd source for Linux?

daemon@ATHENA.MIT.EDU (Jon Lewis)
Mon Mar 24 09:22:37 1997

Date: Sun, 23 Mar 1997 17:46:31 -0500 (EST)
From: Jon Lewis <jlewis@inorganic5.fdt.net>
To: linux-security@redhat.com
In-Reply-To: <199703230052.RAA17444@rintintin.Colorado.EDU>
Resent-From: linux-security@redhat.com
Reply-To: linux-security@redhat.com

On Sat, 22 Mar 1997, Ben Cantrick wrote:

>   I've been poking around my system, and realized that having a tftp server
> would be handy. (I'm working with cisco routers, which have the capability to
> up and download configuration images via tftp.)
> 
>   However, I'm not content with the usual tftpd that comes with Linux. The
> whole "specify each directory you want" scheme is cock-eyed to me. I'd
> prefer a tftp server more like the ones I've seen on Sun and HPUX machines.
> That type chroot()'s to a "secure" (and I use the term loosely) directory
> just after it starts up. 

I went through this almost 2 years ago when setting up a tftp server on a
slackware 2.3 box.  I found that the man page for slackware's in.tftpd was
wrong, or in.tftpd just didn't work as advertised.  I ended up hacking the
inetd.conf to get the behaviour I wanted.

tftp    dgram   udp     wait    root    /usr/sbin/tcpd  /usr/sbin/chroot 
/tftp /in.tftpd

At the time I wasn't as interested in hacking source as I might be now...I
just wanted tftpd to work asap.  This has the odd side affect that in
hosts.allow, you have to specify chroot as the service. :)

------------------------------------------------------------------
 Jon Lewis <jlewis@fdt.net>  |  Unsolicited commercial e-mail will
 Network Administrator       |  be proof-read for $199/hr.
________Finger jlewis@inorganic5.fdt.net for PGP public key_______


home help back first fref pref prev next nref lref last post