The tftpd daemon has been changed to use setgid() & setuid() to
explicitly set the user and group IDs to non-privileged values. This was done because the chroot() call used when the secure (-s) option is used can only be done by the superuser. This change now requires tftpd to be executed by root. So the inetd.conf entry has been changed to start it that way. I also added -s /tftpboot arguments, so people who uncomment the tftpd entry without realizing its security ramifications won't open their whole systems to unauthorized access.
parent 5b37a8fded
commit 170153e198
|
@ -12,7 +12,7 @@ login stream tcp nowait root /usr/libexec/rlogind rlogind
|
||||||
#nntp stream tcp nowait usenet /usr/libexec/nntpd nntpd
|
#nntp stream tcp nowait usenet /usr/libexec/nntpd nntpd
|
||||||
finger stream tcp nowait nobody /usr/libexec/fingerd fingerd
|
finger stream tcp nowait nobody /usr/libexec/fingerd fingerd
|
||||||
ident stream tcp wait nobody.kmem /usr/libexec/identd identd -w -t60 -l -o -e -N
|
ident stream tcp wait nobody.kmem /usr/libexec/identd identd -w -t60 -l -o -e -N
|
||||||
#tftp dgram udp wait nobody /usr/libexec/tftpd tftpd
|
#tftp dgram udp wait root /usr/libexec/tftpd tftpd -s /tftpboot
|
||||||
comsat dgram udp wait root /usr/libexec/comsat comsat
|
comsat dgram udp wait root /usr/libexec/comsat comsat
|
||||||
ntalk dgram udp wait root /usr/libexec/ntalkd ntalkd
|
ntalk dgram udp wait root /usr/libexec/ntalkd ntalkd
|
||||||
#bootps dgram udp wait root /usr/libexec/bootpd bootpd
|
#bootps dgram udp wait root /usr/libexec/bootpd bootpd
|
||||||
|
|
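Review bot: the tftp entry now starts tftpd as root, but nothing in inetd.conf tells an administrator why, or that /tftpboot has to exist before the line is uncommented. A short comment above the entry would help, saying that root is needed only for the chroot() done under -s and that the daemon switches to non-privileged IDs afterwards. The tftpd source change is not part of this hunk, so it is worth confirming there that a failed chroot(), setgid() or setuid() is fatal and that setgid() is called before setuid(); with "root" in this field, a daemon that carries on after any of those calls fails keeps serving requests as the superuser, which is worse than the old "nobody" entry.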