Patrick Williams | b48b7b4 | 2016-08-17 15:04:38 -0500 | 1 | Patch originally from Fedora |
| 2 | |
| 3 | http://pkgs.fedoraproject.org/cgit/tftp.git/ |
| 4 | |
| 5 | Upstream-Status: Pending |
| 6 | |
| 7 | diff -up tftp-hpa-0.48/tftp-xinetd.tftpboot tftp-hpa-0.48/tftp-xinetd |
| 8 | --- tftp-hpa-0.48/tftp-xinetd.tftpboot 2007-01-31 00:51:05.000000000 +0100 |
| 9 | +++ tftp-hpa-0.48/tftp-xinetd 2008-05-20 12:05:53.000000000 +0200 |
| 10 | @@ -10,7 +10,7 @@ service tftp |
| 11 | wait = yes |
| 12 | user = root |
| 13 | server = /usr/sbin/in.tftpd |
| 14 | - server_args = -s /tftpboot |
| 15 | + server_args = -s /var/lib/tftpboot |
| 16 | disable = yes |
| 17 | per_source = 11 |
| 18 | cps = 100 2 |
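Review bot: the changed server_args line moves the chroot target to /var/lib/tftpboot, but nothing in this patch creates that directory, so the packaging has to ship it (root-owned, not writable by other users) or the -s chroot has nothing to enter. The stanza also still passes only -s, while README.security in this same patch recommends "-p -u tftpd -s /var/lib/tftpboot"; consider aligning the shipped xinetd arguments with that recommendation.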
| 19 | diff -up tftp-hpa-0.48/README.security.tftpboot tftp-hpa-0.48/README.security |
| 20 | --- tftp-hpa-0.48/README.security.tftpboot 2008-05-29 17:36:32.000000000 +0200 |
| 21 | +++ tftp-hpa-0.48/README.security 2008-05-29 17:37:21.000000000 +0200 |
| 22 | @@ -17,10 +17,10 @@ probably the following: |
| 23 | |
| 24 | 1. Create a separate "tftpd" user and group only used for tftpd; |
| 25 | 2. Have all your boot files in a single directory tree (usually called |
| 26 | - /tftpboot). |
| 27 | -3. Specify "-p -u tftpd -s /tftpboot" on the tftpd command line; if |
| 28 | + /var/lib/tftpboot). |
| 29 | +3. Specify "-p -u tftpd -s /var/lib/tftpboot" on the tftpd command line; if |
| 30 | you want clients to be able to create files use |
| 31 | - "-p -c -U 002 -u tftpd -s /tftpboot" (replace 002 with whatever |
| 32 | + "-p -c -U 002 -u tftpd -s /var/lib/tftpboot" (replace 002 with whatever |
| 33 | umask is appropriate for your setup.) |
| 34 | |
| 35 | ======================================= |
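Review bot: in step 2 the wording "usually called /var/lib/tftpboot" now presents a distribution-specific location as the common convention; since the patch is marked Upstream-Status: Pending, something like "for example /var/lib/tftpboot" would read correctly both here and upstream. Step 3's "-p -c -U 002 -u tftpd" variant also depends on the tftpd user being able to write into the new directory, and the steps never say who should own /var/lib/tftpboot; a short sentence on ownership and mode would close that gap.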
| 36 | @@ -40,12 +40,12 @@ directly. Thus, if your /etc/inetd.conf |
| 37 | line): |
| 38 | |
| 39 | tftp dgram udp wait root /usr/sbin/tcpd |
| 40 | -/usr/sbin/in.tftpd -s /tftpboot -r blksize |
| 41 | +/usr/sbin/in.tftpd -s /var/lib/tftpboot -r blksize |
| 42 | |
| 43 | ... it's better to change to ... |
| 44 | |
| 45 | tftp dgram udp wait root /usr/sbin/in.tftpd |
| 46 | -in.tftpd -s /tftpboot -r blksize |
| 47 | +in.tftpd -s /var/lib/tftpboot -r blksize |
| 48 | |
| 49 | You should make sure that you are using "wait" option in tftpd; you |
| 50 | also need to have tftpd spawned as root in order for chroot (-s) to |
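Review bot: both updated inetd.conf examples pass "-s /var/lib/tftpboot -r blksize" without the "-u tftpd" option that step 3 earlier in this file recommends, so the "it's better to change to" example no longer reflects the file's own advice. Since these lines are being touched anyway, consider adding "-u tftpd" to the recommended example so the documented command line is consistent from section to section.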
| 51 | diff -up tftp-hpa-0.48/tftpd/sample.rules.tftpboot tftp-hpa-0.48/tftpd/sample.rules |
| 52 | --- tftp-hpa-0.48/tftpd/sample.rules.tftpboot 2008-05-29 17:38:46.000000000 +0200 |
| 53 | +++ tftp-hpa-0.48/tftpd/sample.rules 2008-05-29 17:38:05.000000000 +0200 |
| 54 | @@ -30,5 +30,5 @@ rg \\ / # Convert backslashes to slash |
| 55 | rg \# @ # Convert hash marks to @ signs |
| 56 | rg /../ /..no../ # Convert /../ to /..no../ |
| 57 | e ^ok/ # These are always ok |
| 58 | -r ^[^/] /tftpboot/\0 # Convert non-absolute files |
| 59 | +r ^[^/] /var/lib/tftpboot/\0 # Convert non-absolute files |
| 60 | a \.pvt$ # Reject requests for private files |
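Review bot: the rewritten rule "r ^[^/] /var/lib/tftpboot/\0" produces an absolute path, which only resolves as intended when in.tftpd is not chrooted; combined with the "-s /var/lib/tftpboot" arguments set elsewhere in this patch, the result would be looked up as /var/lib/tftpboot/... inside the chroot. A comment in sample.rules stating that this rule is meant for setups without -s would prevent that combination. The longer path also pushes the trailing comment out of line with the comments on the neighbouring rules.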