The tftpd daemon has been changed to use setgid() & setuid() to

explicitly set the user and group IDs to non-priveleged values. This was done because the chroot() call used when the secure (-s) option is used can only be done by the superuser. This change now requires tftpd to be executed by root. So the inetd.conf entry has been changed to start it that way. I also added -s /tftpboot arguments, so people who uncomment the tftpd entry without realizing it's security ramifications won't open thier whole systems to unauthorized access.
1995-06-04 20:55:39 +00:00 · 1995-06-04 20:55:39 +00:00 · 170153e198
parent 5b37a8fded
commit 170153e198
1 changed files with 1 additions and 1 deletions
--- a/etc/inetd.conf
+++ b/etc/inetd.conf
@ -12,7 +12,7 @@ login		stream	tcp	nowait	root	/usr/libexec/rlogind	rlogind
 #nntp		stream	tcp	nowait	usenet	/usr/libexec/nntpd	nntpd
 finger		stream	tcp	nowait	nobody	/usr/libexec/fingerd	fingerd
 ident		stream	tcp	wait	nobody.kmem /usr/libexec/identd	identd -w -t60 -l -o -e -N
-#tftp		dgram	udp	wait	nobody	/usr/libexec/tftpd	tftpd
+#tftp		dgram	udp	wait	root	/usr/libexec/tftpd	tftpd -s /tftpboot
 comsat		dgram	udp	wait	root	/usr/libexec/comsat	comsat
 ntalk		dgram	udp	wait	root	/usr/libexec/ntalkd	ntalkd
 #bootps		dgram	udp	wait	root	/usr/libexec/bootpd	bootpd