[1482] in linux-security and linux-alert archive
[linux-security] Re: "Secure" tftpd source for Linux?
daemon@ATHENA.MIT.EDU (Jon Lewis)
Mon Mar 24 09:22:37 1997
Date: Sun, 23 Mar 1997 17:46:31 -0500 (EST)
From: Jon Lewis <jlewis@inorganic5.fdt.net>
To: linux-security@redhat.com
In-Reply-To: <199703230052.RAA17444@rintintin.Colorado.EDU>
Resent-From: linux-security@redhat.com
Reply-To: linux-security@redhat.com
On Sat, 22 Mar 1997, Ben Cantrick wrote:
> I've been poking around my system, and realized that having a tftp server
> would be handy. (I'm working with cisco routers, which have the capability to
> up and download configuration images via tftp.)
>
> However, I'm not content with the usual tftpd that comes with Linux. The
> whole "specify each directory you want" scheme is cock-eyed to me. I'd
> prefer a tftp server more like the ones I've seen on Sun and HPUX machines.
> That type chroot()'s to a "secure" (and I use the term loosely) directory
> just after it starts up.
I went through this almost 2 years ago when setting up a tftp server on a
slackware 2.3 box. I found that the man page for slackware's in.tftpd was
wrong, or in.tftpd just didn't work as advertised. I ended up hacking the
inetd.conf to get the behaviour I wanted.
tftp dgram udp wait root /usr/sbin/tcpd /usr/sbin/chroot
/tftp /in.tftpd
At the time I wasn't as interested in hacking source as I might be now...I
just wanted tftpd to work asap. This has the odd side affect that in
hosts.allow, you have to specify chroot as the service. :)
------------------------------------------------------------------
Jon Lewis <jlewis@fdt.net> | Unsolicited commercial e-mail will
Network Administrator | be proof-read for $199/hr.
________Finger jlewis@inorganic5.fdt.net for PGP public key_______