From owner-freebsd-hackers  Sun Mar 31 07:46:29 1996
Return-Path: owner-hackers
Received: (from root@localhost)
          by freefall.freebsd.org (8.7.3/8.7.3) id HAA29361
          for hackers-outgoing; Sun, 31 Mar 1996 07:46:29 -0800 (PST)
Received: from genesis.atrad.adelaide.edu.au (genesis.atrad.adelaide.edu.au [129.127.96.120])
          by freefall.freebsd.org (8.7.3/8.7.3) with ESMTP id HAA29353
          for <hackers@FreeBSD.ORG>; Sun, 31 Mar 1996 07:46:24 -0800 (PST)
Received: from msmith@localhost by genesis.atrad.adelaide.edu.au (8.6.12/8.6.9) id BAA29575; Mon, 1 Apr 1996 01:38:05 +0930
From: Michael Smith <msmith@atrad.adelaide.edu.au>
Message-Id: <199603311608.BAA29575@genesis.atrad.adelaide.edu.au>
Subject: Re: Howto: Sun 3's as X Terminal
To: taob@io.org (Brian Tao)
Date: Mon, 1 Apr 1996 01:38:04 -3830 (CST)
Cc: msmith@atrad.adelaide.edu.au, regnauld@tetard.frmug.fr.net,
        hackers@FreeBSD.ORG
In-Reply-To: <Pine.NEB.3.92.960331093219.29121B-100000@zap.io.org> from "Brian Tao" at Mar 31, 96 09:50:59 am
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-hackers@FreeBSD.ORG
X-Loop: FreeBSD.org
Precedence: bulk

Brian Tao stands accused of saying:
> >
> > lovely:~>grep tftp /etc/inetd.conf
> > tftp    dgram   udp     wait    nobody  /usr/libexec/tftpd      tftpd
> >
> > ... and I have a diskless Sun 3/60 and a Labtam MT200 booting off this
> > system.
> 
>     Where is your tftpd file hierarchy anchored?  I always use

/.  

> /tftpboot, but I don't see any default hierarcy set from the source.

/tftpboot is traditional; many clients will search there as well.

> I assume that your entire filesystem is accessible via tftp in that
> case since the code does not check for access restrictions.

Inasmuch as tftpd runs as 'nobody', yes, the system is "wide open".
Given that tftpd has no means for returning the contents of a directory,
I don't consider it a major problem.  I don't have anything to hide 
anyway 8)

>     How about adding an optional argument to tftpd that will be passed
> to chroot()?

As with the Solaris '-s' option?  Probably a worthwhile addition for sites
where security is an issue.

> Brian Tao (BT300, taob@io.org)

-- 
]] Mike Smith, Software Engineer        msmith@atrad.adelaide.edu.au    [[
]] Genesis Software                     genesis@atrad.adelaide.edu.au   [[
]] High-speed data acquisition and      (GSM mobile) 0411-222-496       [[
]] realtime instrument control          (ph/fax)  +61-8-267-3039        [[
]] Collector of old Unix hardware.      "Where are your PEZ?" The Tick  [[