[4205] in bugtraq
Re: [linux-security] Re: tftpd bug (was: "Secure" tftpd source
daemon@ATHENA.MIT.EDU (Alex Belits)
Mon Mar 24 20:19:31 1997
Date: Mon, 24 Mar 1997 14:48:53 -0800
Reply-To: Alex Belits <abelits@PHOBOS.ILLTEL.DENVER.CO.US>
From: Alex Belits <abelits@PHOBOS.ILLTEL.DENVER.CO.US>
X-To: Warner Losh <imp@VILLAGE.ORG>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: <E0w9Gwd-0005eK-00@rover.village.org>
On Mon, 24 Mar 1997, Warner Losh wrote:
> : and works fine if -ls /tftpboot is added as options to its command line.
> : Otherwise it only checks file permissions without even trying to become
> : "nobody" and thus opens hole for non-executable directories (even if
> : directory is non-executable for anyone but root, files in it will be
> : accessible). Also it's necessary to hardlink /dev/log under chroot
> : directory to keep logging functional.
>
> The openlog happens before any chroot code, so that you don't need a
> /dev/log in your chrooted env.

Probably it's because of different syslog in linux and freebsd libc.

> When you don't run tftpd in secure
> mode, it is supposed to be run as nobody by inetd. The default
> inetd.conf file that ships with FreeBSD is set up this way. I don't
> think that the files will be accessible in this case. What am I
> missing here?

It "assumes" that it's not running as root if no chroot directory is
defined without checking or trying to change its uid. And since it does
have option to chroot, it could be called as root, so the assumption is
that if sysadmin doesn't use chroot, he will run it as nobody. Sysadmin
that will change setup to remove for some reason chroot'ing option from
tftpd line in inetd.conf very unlikely will check tftpd source and change
userid at the same time. Manpage says "Because chroot is restricted to
root, you must run tftpd as root. However, if you chroot, then tftpd will
set its user id to nobody.", so it's not obvious that if -s option is
removed, it will require sysadmin to change userid in inetd.conf. Maybe,
freebsd sysadmins are assumed to know that if manpage doesn't explicitly
say that userid will change to nobody, it won't happen even if -s option
causes that, but in linux tftpd always changes its userid and thus just
copying freebsd tftpd to linux with default configs creates security hole.
--
Alex
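
The misconfiguration discussed in this message (a tftp entry in inetd.conf that runs as root with the -s chroot option removed) can be checked for mechanically. The following is an added example, not part of the original post and not tftpd's own code; it assumes the usual inetd.conf field order (service, socket type, protocol, wait, user, server path, argv) and getopt-style flag clustering such as the "-ls" mentioned in the thread. The function names and the sample file are constructed for illustration.

```python
import re

# Constructed sample inetd.conf, not taken from any real host.
SAMPLE = """\
# service type proto wait user server argv...
tftp dgram udp wait root       /usr/libexec/tftpd tftpd -ls /tftpboot
tftp dgram udp wait nobody     /usr/libexec/tftpd tftpd /tftpboot
tftp dgram udp wait root       /usr/libexec/tftpd tftpd /tftpboot
tftp dgram udp wait root.wheel /usr/libexec/tftpd tftpd -l /tftpboot
#tftp dgram udp wait root      /usr/libexec/tftpd tftpd /tftpboot
finger stream tcp nowait nobody /usr/libexec/fingerd fingerd -s
"""

def has_chroot_flag(args):
    """True if -s is present, alone or clustered with other flags (e.g. -ls)."""
    return any(a.startswith("-") and "s" in a[1:] for a in args)

def audit_inetd(text):
    """Return (line number, user, reason) for each tftp entry started as
    root without -s, the case where, per the thread, the FreeBSD tftpd
    only checks file permissions and never changes its uid."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue                      # blank line or disabled entry
        fields = line.split()
        if len(fields) < 7 or fields[0] != "tftp":
            continue                      # malformed, or another service
        # The user field may carry a group or login class (root.wheel, root:wheel).
        user = re.split(r"[.:/]", fields[4])[0]
        args = fields[7:]                 # fields[6] is argv[0]
        if user in ("root", "0") and not has_chroot_flag(args):
            findings.append((lineno, fields[4],
                             "tftp runs as root without -s: set the user "
                             "to nobody or restore the chroot option"))
    return findings

if __name__ == "__main__":
    for lineno, user, reason in audit_inetd(SAMPLE):
        print(f"line {lineno} (user {user}): {reason}")
```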