Re: bootpd/tftpd bug
Eduardo Marcel Macan <firstname.lastname@example.org> writes:
> I have only noticed it on a slink machine, I ask someone who has
> potatoes to test it too...
> I am configuring one machine as a boot server in order to install
> Debian in a PowerPC (IBM 43P) I have here, but one strange thing is happening.
> bootpd gets the request and sends the machine an IP number ok, and
> tells it that the file to get is "/rescue2200prep.bin" (notice the slash).
> but when it asks tftp to send "/rescue2200prep.bin" it gets an "access
> violation", if I manually invoke a tftp session and ask for
> "rescue2200prep.bin" it comes right.
> The problem is that there is no way of preventing bootpd from adding
> the slash to the bootfile name, neither making tftpd accept the slash (it
> does not accept it for security reasons I think).
> I looked at the bug database and it seems that noone reported
> such thing before, maybe it can be in potato too. If so, I can file
> a bug report (against netstd).
By default, tftpd is set up to serve only files from /boot, which is
also the default directory if a relative path is specified (this is
documented in the manual page tftpd(8)). You can change this
behaviour by editing the tftpd line in /etc/inetd.conf: change the
occurrence of /boot to / .
If bootpd silently translates a relative path into an absolute one,
that sounds like a bug against bootpd. Please use the bug reporting
system to file a bug, then.
As a workaround, you could configure bootpd to send the path
"/boot/rescue2200prep.bin" to the client, which will be allowed by the
- Ruud de Rooij.
ruud de rooij | email@example.com | http://ruud.org