Date: Wed, 23 Oct 2002 14:23:03 -0400
From: Feng Li <fengli@kddia.com>
To: Kris Kennaway <kris@obsecurity.org>
Cc: freebsd-questions@FreeBSD.ORG
Subject: Re: Is there any info about this type tftp daemon ?
Message-ID: <20021023141031.5E59.FENGLI@kddia.com>
In-Reply-To: <20021023165650.GD15601@xor.obsecurity.org>
References: <20021023112945.5E51.FENGLI@kddia.com> <20021023165650.GD15601@xor.obsecurity.org>

Dear Kris

1) About the behavior of the tftp daemon on FreeBSD: I made a
subdirectory under /usr/tftpboot and changed its mode to 777, then I
tried to send a file from one of our routers, but I got the following
error message:

telnet@serverIr10-05#copy run tftp 210.139.136.8 new/aaa
telnet@serverIr10-05#TFTP: received error request -- code 1 message File not found
Error - can't upload running-config to TFTP server.
telnet@serverIr10-05#

After I put an empty file aaa under directory new, and changed its
permission to 666, the same command was done OK.

telnet@serverIr10-05#copy run tftp 209.137.136.8 new/aaa
telnet@serverIr10-05#Upload running-config to TFTP server done.

So I think the issue is not the write permission; the issue is that
the TFTP daemon wants to check whether the same file name exists or not.
In other words, the target file should exist before you send the
real file to the TFTP server. The TFTP server seems to like to overwrite,
but not to create new files ....

2) About the security hole issue: if we use this TFTP server in-house,
and configure it to accept TFTP files from only specified hosts,
could we minimize the risk?

Thanks,

Feng

> On Wed, Oct 23, 2002 at 11:32:51AM -0400, Feng Li wrote:
> >
> > Hi, Friends
> >
> > I am a FreeBSD OS user. I am using one FreeBSD box as
> > my TFTP server. But with an inconvenient problem:
> >
> > Every time, before I send a file to this server, I have
> > to do the following process on this server:
> >
> > /usr/tftpboot# touch xxxx-config
> > /usr/tftpboot# chmod 666 xxxx-config
> >
> > I hope to omit this process, so if anyone knows where I can get
> > a TFTP daemon which can allow me to omit above inconvenience ?
>
> This indicates the tftpd daemon does not have write permission to
> /usr/tftpboot. This is of course a potential security hole because
> tftp does not authenticate, so you're giving everyone who can connect
> to your tftpd the permission to write/overwrite files into that
> directory.
>
> Kris
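
An added example, not part of the original thread and not FreeBSD's tftpd source: a small C model of the write-request check that the router session above is consistent with, where a missing target yields TFTP error code 1 regardless of directory mode and an existing target must be world-writable. The names check_write_request and run_scenario, the path rules, and the temporary directory layout are assumptions made for illustration.

```c
#define _XOPEN_SOURCE 700
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

enum { TFTP_OK = 0, TFTP_ENOTFOUND = 1, TFTP_EACCESS = 2 }; /* RFC 1350 codes */

/* Assumed rule: target must already exist as a world-writable regular file. */
int check_write_request(const char *root, const char *name)
{
    char path[1024];
    struct stat st;
    if (name[0] == '/' || strstr(name, "..") != NULL ||
        snprintf(path, sizeof path, "%s/%s", root, name) >= (int)sizeof path)
        return TFTP_EACCESS;   /* absolute, "..", or over-long name */
    if (stat(path, &st) != 0)
        return errno == ENOENT ? TFTP_ENOTFOUND : TFTP_EACCESS;
    if (!S_ISREG(st.st_mode))
        return TFTP_ENOTFOUND;
    /* Only the "other" write bit is consulted; the directory mode never is. */
    return (st.st_mode & S_IWOTH) ? TFTP_OK : TFTP_EACCESS;
}

/* Constructed scenario: <tmp>/new/aaa, optionally pre-created with file_mode. */
int run_scenario(int create, mode_t file_mode)
{
    char root[] = "/tmp/tftpmodelXXXXXX", dir[64], file[80];
    FILE *f;
    int rc;
    if (mkdtemp(root) == NULL)
        return -1;
    snprintf(dir, sizeof dir, "%s/new", root);
    snprintf(file, sizeof file, "%s/aaa", dir);
    mkdir(dir, 0777);          /* writable directory, as in the message */
    if (create && (f = fopen(file, "w")) != NULL) {
        fclose(f);
        chmod(file, file_mode);   /* explicit chmod, so umask does not matter */
    }
    rc = check_write_request(root, "new/aaa");
    unlink(file); rmdir(dir); rmdir(root);
    return rc;
}
int main(void)
{
    printf("no file: %d, mode 644: %d, mode 666: %d\n",
           run_scenario(0, 0), run_scenario(1, 0644), run_scenario(1, 0666));
}
```

Under this rule, only names that an administrator has pre-created and marked world-writable can be overwritten by an unauthenticated client, which bounds what a write request can touch.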