Subject: Re: tftp on 1.3
To: Andrew Gillham <gillhaa@ghost.whirlpool.com>
From: Geoff Wing <gcw@pobox.com>
List: current-users
Date: 02/28/1998 17:41:41

Andrew Gillham wrote about Re: tftp on 1.3:
:> > Grrr, now I know why my NetBSD 1.3 machines are no longer usable as a tftp
:> > server for my cisco equipment! Is there a good reason this was changed?
:> > Particularly when '-s /tftpboot' is used?
:> > If anyone already has a working patch, please mail it to me, otherwise I'll
:> > have to come up with one today at work.
:> >
:> > I don't want to sound like I'm whining (which I am), but I use a NetBSD
:> > machine for a tftp server, and for rsh/rcp services with our cisco router
:> > network. With 1.3, these were *all* broken for me. The rsh/rcp problem
:> > is related to NIS, which I can disable to make it work ok. (though I have
:> > a patch that makes it work with NIS)
:> cd /tftpboot
:> ln -s tftpboot .
:lrwxr-xr-x 1 root wheel 1 May 23 1996 tftpboot -> .
:Been there for some time. I'm concerned about trying to write a file
:called "routername-confg" via tftp. Used to work, doesn't now. I am
:not about to retype the whole filename just to put a '/' on the front.
You can't do that, I don't think (the soft linking, I mean). Look in
src/libexec/tftpd/tftpd.c in validate_access() . From memory, all
filenames had to either start with ``/'' or an approved directory path
handed to tftp via the command line (or maybe also some other method) to
allow you to write there. For the ``-s'' flag this is annoying and I
didn't notice it till I was, funnily enough, doing stuff on my Cisco.
After a very quick look at it, I'd say you would only need to change:

    if (mode != RRQ || !strncmp(filename, "../", 3))
            return (EACCESS);

to

    if ((!secure && mode != RRQ) || !strncmp(filename, "../", 3))
            return (EACCESS);

but you better check that yourself, and maybe send-pr it if you reckon it's
correct. That should allow reads/writes to the default directory with the
``-s'' flag used and no other directories specified.
--
Geoff Wing <gcw@pobox.com> Mobile : 0412 162 441
Work URL: http://www.primenet.com.au/ Ego URL: http://pobox.com/~gcw/
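
The two conditions quoted in the message above, compared side by side as an added example (not part of the original message and not the NetBSD source). The function names are hypothetical, `secure` is assumed to be the flag set by `-s`, the opcode and error constants are defined locally with the values from `<arpa/tftp.h>`, and only the quoted relative-filename test is modelled, not the rest of validate_access().

```c
#include <stdio.h>
#include <string.h>

/* Values as in <arpa/tftp.h>; defined locally so the example is self-contained. */
#define RRQ     1   /* read request */
#define WRQ     2   /* write request */
#define EACCESS 2   /* TFTP "access violation" error code */

/* Condition quoted as the existing code: relative names are read-only. */
static int relative_check_old(int mode, const char *filename)
{
    if (mode != RRQ || !strncmp(filename, "../", 3))
        return (EACCESS);
    return (0);
}

/* Condition proposed in the message: with -s (secure), writes to
 * relative names are allowed; a leading "../" is still refused. */
static int relative_check_new(int secure, int mode, const char *filename)
{
    if ((!secure && mode != RRQ) || !strncmp(filename, "../", 3))
        return (EACCESS);
    return (0);
}

int main(void)
{
    /* Constructed sample requests; the first name is the one from the thread. */
    const char *names[] = { "routername-confg", "../routername-confg" };
    const int modes[] = { RRQ, WRQ };

    printf("%-6s %-4s %-22s %-4s %-4s\n", "secure", "mode", "filename", "old", "new");
    for (int secure = 0; secure <= 1; secure++)
        for (int m = 0; m < 2; m++)
            for (int n = 0; n < 2; n++)
                printf("%-6d %-4s %-22s %-4s %-4s\n", secure,
                    modes[m] == RRQ ? "RRQ" : "WRQ", names[n],
                    relative_check_old(modes[m], names[n]) ? "deny" : "ok",
                    relative_check_new(secure, modes[m], names[n]) ? "deny" : "ok");
    return 0;
}
```

The only rows where the result differs are write requests with `secure` set and a name that does not begin with "../"; both conditions test only the leading three characters of the filename.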