From owner-freebsd-bugs  Tue Apr 16 09:00:05 1996
Return-Path: owner-bugs
Received: (from root@localhost)
          by freefall.freebsd.org (8.7.3/8.7.3) id JAA21011
          for bugs-outgoing; Tue, 16 Apr 1996 09:00:05 -0700 (PDT)
Received: (from gnats@localhost)
          by freefall.freebsd.org (8.7.3/8.7.3) id JAA20979
          Tue, 16 Apr 1996 09:00:03 -0700 (PDT)
Date: Tue, 16 Apr 1996 09:00:03 -0700 (PDT)
Message-Id: <199604161600.JAA20979@freefall.freebsd.org>
To: freebsd-bugs
Cc: 
From: Bill Fenner <fenner@parc.xerox.com>
Subject: Re: bin/1145: tftpd should support -s 
Reply-To: Bill Fenner <fenner@parc.xerox.com>
Sender: owner-bugs@FreeBSD.ORG
X-Loop: FreeBSD.org
Precedence: bulk

The following reply was made to PR bin/1145; it has been noted by GNATS.

From: Bill Fenner <fenner@parc.xerox.com>
To: imp@village.org
Cc: FreeBSD-gnats-submit@freebsd.org, fenner@parc.xerox.com
Subject: Re: bin/1145: tftpd should support -s 
Date: Tue, 16 Apr 1996 08:53:26 PDT

 In message <199604160009.SAA02721@rover.village.org>you write:
 >+			setuid( 32767 ); /* Revert to running as nobody */
 
 Careful!  On my FreeBSD boxes, nobody is uid 65534.  I think what you really 
 want to do is
 
 			if ((nobody = getpwnam("nobody")) == NULL) {
 				syslog(LOG_ERROR, "nobody: no such user");
 				exit(1);
 			}
 			setuid(nobody->pw_uid);
 
 >+		syslog(LOG_WARNING, "Access to theentire system graned");
 
 I'm not sure that logging a warning is the right thing to do; this opens the 
 door for logfile spamming.  How about just failing to run if no path arguments 
 are specified, and requiring an explicit "/" argument to allow granting access 
 to the entire system?
 
   Bill