
Re: bootpd/tftpd bug



Eduardo Marcel Macan <macan@colband.com.br> writes:

> 	I have only noticed it on a slink machine, I ask someone who has 
> potatoes to test it too...
> 
> 	I am configuring one machine as a boot server in order to install
> Debian in a PowerPC (IBM 43P) I have here, but one strange thing is happening.
> 
> 	bootpd gets the request and sends the machine an IP number ok, and
> tells it that the file to get is "/rescue2200prep.bin" (notice the slash).
> but when it asks tftp to send "/rescue2200prep.bin" it gets an "access
> violation", if I manually invoke a tftp session and ask for 
> "rescue2200prep.bin" it comes right.
> 
> 	The problem is that there is no way of preventing bootpd from adding 
> the slash to the bootfile name, nor of making tftpd accept the slash (it
> does not accept it for security reasons I think).
> 
> 	I looked at the bug database and it seems that no one reported 
> such thing before, maybe it can be in potato too. If so, I can file 
> a bug report (against netstd).

By default, tftpd is set up to serve only files from /boot, which is
also the default directory if a relative path is specified (this is
documented in the manual page tftpd(8)).  You can change this
behaviour by editing the tftpd line in /etc/inetd.conf: change the
occurrence of /boot to / .

If bootpd silently translates a relative path into an absolute one,
that sounds like a bug against bootpd.  Please use the bug reporting
system to file a bug, then.

As a workaround, you could configure bootpd to send the path
"/boot/rescue2200prep.bin" to the client, which will be allowed by the
tftpd server.

	- Ruud de Rooij.
-- 
ruud de rooij | ruud@ruud.org | http://ruud.org
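
The access rule described in the reply above, modeled as an added C example (not part of the original message and not tftpd's own source). The names `tftp_resolve` and `has_dotdot` are hypothetical, and the check is purely lexical: symbolic links are not considered.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper: returns 1 if any path component is "..". */
static int has_dotdot(const char *p)
{
    while (*p) {
        while (*p == '/') p++;
        size_t n = strcspn(p, "/");
        if (n == 2 && p[0] == '.' && p[1] == '.') return 1;
        p += n;
    }
    return 0;
}

/* Hypothetical model of the rule: returns 0 and writes the resolved path
 * to out if the request is served, -1 for an "access violation". */
int tftp_resolve(const char *req, const char *dir, char *out, size_t outlen)
{
    size_t dlen = strlen(dir);
    int n;
    if (dlen == 0 || *req == '\0' || has_dotdot(req))
        return -1;
    if (req[0] != '/') {
        /* Relative name: resolved against the served directory. */
        n = snprintf(out, outlen, "%s%s%s", dir,
                     dir[dlen - 1] == '/' ? "" : "/", req);
    } else {
        /* Absolute name: must lie inside the served directory. */
        if (strcmp(dir, "/") != 0 &&
            (strncmp(req, dir, dlen) != 0 || req[dlen] != '/'))
            return -1;
        n = snprintf(out, outlen, "%s", req);
    }
    return (n < 0 || (size_t)n >= outlen) ? -1 : 0;
}

int main(void)
{
    /* Constructed requests: the three names from the thread plus a traversal. */
    const char *reqs[] = { "/rescue2200prep.bin", "rescue2200prep.bin",
                           "/boot/rescue2200prep.bin", "/boot/../etc/passwd" };
    char path[256];
    for (size_t i = 0; i < sizeof reqs / sizeof reqs[0]; i++) {
        int ok = tftp_resolve(reqs[i], "/boot", path, sizeof path) == 0;
        printf("%-26s -> %s\n", reqs[i], ok ? path : "access violation");
    }
    return 0;
}
```

Passing `"/"` as the served directory corresponds to the inetd.conf change mentioned in the reply and makes the first request succeed, at the cost of exposing every world-readable file on the host to TFTP clients.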

