Date: Mon, 15 Apr 1996 18:09:36 -0600 (MDT) From: Warner Losh <imp@village.org> To: FreeBSD-gnats-submit@freebsd.org Subject: bin/1145: tftpd should support -s Message-ID: <199604160009.SAA02721@rover.village.org> Resent-Message-ID: <199604160020.RAA19654@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 1145
>Category: bin
>Synopsis: tftpd should support -s
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-bugs
>State: open
>Class: change-request
>Submitter-Id: current-users
>Arrival-Date: Mon Apr 15 17:20:01 PDT 1996
>Last-Modified:
>Originator: Warner Losh
>Organization:
The village
>Release: FreeBSD 2.1.0-RELEASE i386
>Environment:
>Description:
tftpd doesn't support -s.
>How-To-Repeat:
>Fix:
Apply the following patch:
Index: tftpd.8
===================================================================
RCS file: /home/imp/FreeBSD/CVS/src/libexec/tftpd/tftpd.8,v
retrieving revision 1.1.1.1
diff -u -r1.1.1.1 tftpd.8
--- tftpd.8 1994/05/27 12:39:25 1.1.1.1
+++ tftpd.8 1996/04/15 23:56:55
@@ -42,6 +42,7 @@
.Nm tftpd
.Op Fl l
.Op Fl n
+.Op Fl s Ar directory
.Op Ar directory ...
.Sh DESCRIPTION
.Nm Tftpd
@@ -87,6 +88,15 @@
The given directories are also treated as a search path for
relative filename requests.
.Pp
+The chroot option provides additional security by restricting access
+of tftpd to only a chroot'd file system. This is useful when moving
+from an OS that supported
+.Nm -s
+as a boot server. Because chroot is restricted to root, you must run
+tftpd as root. However, if you chroot, then
+.Nm tftpd
+will set its user id to nobody.
+.Pp
The options are:
.Bl -tag -width Ds
.It Fl l
@@ -95,6 +105,11 @@
.It Fl n
Suppresses negative acknowledgement of requests for nonexistent
relative filenames.
+.It Fl s Ar directory
+Causes tftpd to chroot to
+.Pa directory
+before accepting commands. In addition, the user id is set to
+nobody.
.El
.Sh SEE ALSO
.Xr tftp 1 ,
Index: tftpd.c
===================================================================
RCS file: /home/imp/FreeBSD/CVS/src/libexec/tftpd/tftpd.c,v
retrieving revision 1.2
diff -u -r1.2 tftpd.c
--- tftpd.c 1995/02/26 23:28:00 1.2
+++ tftpd.c 1996/04/15 23:38:57
@@ -113,9 +113,10 @@
register int n;
int ch, on;
struct sockaddr_in sin;
+ char *chroot_dir = NULL;
openlog("tftpd", LOG_PID, LOG_FTP);
- while ((ch = getopt(argc, argv, "ln")) != EOF) {
+ while ((ch = getopt(argc, argv, "lns:")) != EOF) {
switch (ch) {
case 'l':
logging = 1;
@@ -123,10 +124,26 @@
case 'n':
suppress_naks = 1;
break;
+ case 's':
+ chroot_dir = optarg;
+ break;
default:
syslog(LOG_WARNING, "ignoring unknown option -%c", ch);
}
}
+
+ if (chroot_dir) {
+ if (getuid())
+ syslog(LOG_WARNING, "-s works only when run as root");
+ else {
+ if (chroot(chroot_dir))
+ syslog(LOG_ERR, "chroot: %s",
+ strerror(errno));
+ chdir( "/" );
+ setuid( 32767 ); /* Revert to running as nobody */
+ }
+ }
+
if (optind < argc) {
struct dirlist *dirp;
@@ -139,6 +156,14 @@
dirp++;
}
}
+ }
+ /* Only allow no d */
+ else if (chroot_dir) {
+ dirs->name = "/";
+ dirs->len = 1;
+ }
+ else {
+ syslog(LOG_WARNING, "Access to theentire system graned");
}
on = 1;
>Audit-Trail:
>Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199604160009.SAA02721>