
Re: in.tftpd: Missing a critical feature



On Thu, Jun 25, 1998 at 06:38:56PM -0500, John Goerzen wrote:

> Package: netstd
> Version: 3.07-1

The bug number for this report hasn't shown up in the web pages yet, so I'm
removing bugs.debian.org from the cc: list in this response.  You might want
to forward it into the bug report.

> Sun's tftpd has an option, -s.  Basically, this option chroot's to the 
> specified directory, then set[ug]id's itself to nobody.  After that,
> it starts serving files.
[...]
> Why is this important?  Well, we have a number of NCD X terminals.
> These terminals try to get files with absolute pathnames like
> /usr/lib/X11/ncd/configs.  The tftp server should really serve this
> file from an appropriate subdirectory below the tftpboot directory --
> NOT the system's /usr/lib/X11 directory.  That is, the server should
> actually hand the client the file
> /usr/local/ncdroot/usr/lib/X11/ncd/configs in our case.

I don't like Sun's chroot mode -- you can't make symlinks out of your
/tftpboot into the rest of the filesystem.  I did this a lot at work last
term, where I would build the software for one of our embedded systems in my
home directory, press reset, and it would boot the new image automatically.

Instead, could we implement behaviour like this:

	- discard pathnames with dot-dots, of course.
	
	- if no path restriction is specified on the command line, use the
	  given path directly.

	- if pathname starts with /tftpboot (or whatever's specified on the
	  command line to limit tftpd) pass it through directly.
	  
	- if pathname starts with / but not /tftpboot, append it to
	  /tftpboot.
	  
	- otherwise, append it to /tftpboot/ (ie. relative to tftpboot
	  directory).
	  
This should cover all usages for tftp that I know of.

Have fun,

Avery
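
The path-mapping rules proposed in the message above, sketched in C as an added example (not code from the message or from netstd's in.tftpd). `map_request`, `has_dotdot` and `under_root` are hypothetical names, and the root is assumed to carry no trailing slash. The checks are purely lexical, so symlinks below the root are still followed, which is the behaviour the message asks for.

```c
#include <stdio.h>
#include <string.h>

/* Returns 1 if any '/'-separated component of path is exactly "..". */
static int has_dotdot(const char *path)
{
    const char *p = path;
    while (*p) {
        size_t n = strcspn(p, "/");
        if (n == 2 && p[0] == '.' && p[1] == '.')
            return 1;
        p += n;
        while (*p == '/')
            p++;
    }
    return 0;
}

/* Returns 1 if path is root itself or lies below it. The match must end on
 * a component boundary, so "/tftpbootevil" does not count as "/tftpboot". */
static int under_root(const char *root, const char *path)
{
    size_t n = strlen(root);
    return strncmp(path, root, n) == 0 && (path[n] == '\0' || path[n] == '/');
}

/*
 * map_request (hypothetical name): apply the five bullets from the message.
 * root == NULL means no path restriction was given on the command line.
 * Writes the file name to open into out; returns 0, or -1 if the request
 * is discarded or does not fit in out.
 */
int map_request(const char *root, const char *req, char *out, size_t outlen)
{
    int n;

    if (has_dotdot(req))
        return -1;                                      /* bullet 1 */
    if (root == NULL || under_root(root, req))
        n = snprintf(out, outlen, "%s", req);           /* bullets 2, 3 */
    else if (req[0] == '/')
        n = snprintf(out, outlen, "%s%s", root, req);   /* bullet 4 */
    else
        n = snprintf(out, outlen, "%s/%s", root, req);  /* bullet 5 */
    return (n < 0 || (size_t)n >= outlen) ? -1 : 0;
}
```

With the root set to `/usr/local/ncdroot`, the NCD request for `/usr/lib/X11/ncd/configs` maps to `/usr/local/ncdroot/usr/lib/X11/ncd/configs`, the file the original report wants served.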

