From owner-freebsd-hackers  Tue Apr  2 23:21:24 1996
Return-Path: owner-hackers
Received: (from root@localhost)
          by freefall.freebsd.org (8.7.3/8.7.3) id XAA00374
          for hackers-outgoing; Tue, 2 Apr 1996 23:21:24 -0800 (PST)
Received: from rover.village.org (rover.village.org [204.144.255.49])
          by freefall.freebsd.org (8.7.3/8.7.3) with SMTP id XAA00354
          for <hackers@freebsd.org>; Tue, 2 Apr 1996 23:21:21 -0800 (PST)
Received: from localhost (localhost [127.0.0.1]) by rover.village.org (8.6.12/8.6.6) with SMTP id AAA05371 for <hackers@freebsd.org>; Wed, 3 Apr 1996 00:21:19 -0700
Message-Id: <199604030721.AAA05371@rover.village.org>
To: hackers@freebsd.org
Subject: tftpd and -s
Date: Wed, 03 Apr 1996 00:21:19 -0700
From: Warner Losh <imp@village.org>
Sender: owner-hackers@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

SunOS had a useful feature in tftpd -s.  Since I replaced a Sun box as
the boot server for my X terminal some time ago, I've been running a
hacked version of tftpd that accepts only one arg: -s.  -s dir will
chroot to that dir before starting tftpd.  I did this because it was
easier to hack tftpd.c to accept -s than to try to reconfigure the X
terminal that I moved to my freebsd box to put /usr/local/tftpboot/ in
front of *ALL* of its paths.  You have to run it as root, but it does
a setuid to nobody once it the chroot is effective (well, immediately
after it parses the args).  And it fails safe: If chroot fails, so
does tftpd on the theory that it is better to fail than to give access
to any world readable file.

Would anybody be interested in these patches to tftpd.c?  While they
wouldn't appeal to everybody, there may some interest.

Warner