Commit | Line | Data |
---|---|---|
5a0e9616 SS |
1 | diff -up tftp-hpa-0.48/tftp-xinetd.tftpboot tftp-hpa-0.48/tftp-xinetd |
2 | --- tftp-hpa-0.48/tftp-xinetd.tftpboot 2007-01-31 00:51:05.000000000 +0100 | |
3 | +++ tftp-hpa-0.48/tftp-xinetd 2008-05-20 12:05:53.000000000 +0200 | |
4 | @@ -10,7 +10,7 @@ service tftp | |
5 | wait = yes | |
6 | user = root | |
7 | server = /usr/sbin/in.tftpd | |
8 | - server_args = -s /tftpboot | |
9 | + server_args = -s /var/lib/tftpboot | |
10 | disable = yes | |
11 | per_source = 11 | |
12 | cps = 100 2 | |
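Review bot: The changed server_args line passes only "-s /var/lib/tftpboot" under "user = root", while README.security in this same patch recommends "-p -u tftpd -s /var/lib/tftpboot" with a dedicated tftpd user. Either align the shipped xinetd file with that recommendation or note why it differs. Also, nothing visible in this patch creates /var/lib/tftpboot; the chroot given by -s needs the directory to exist, so confirm the packaging creates it and that existing /tftpboot content is handled on upgrade.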
13 | diff -up tftp-hpa-0.48/README.security.tftpboot tftp-hpa-0.48/README.security | |
14 | --- tftp-hpa-0.48/README.security.tftpboot 2008-05-29 17:36:32.000000000 +0200 | |
15 | +++ tftp-hpa-0.48/README.security 2008-05-29 17:37:21.000000000 +0200 | |
16 | @@ -17,10 +17,10 @@ probably the following: | |
17 | ||
18 | 1. Create a separate "tftpd" user and group only used for tftpd; | |
19 | 2. Have all your boot files in a single directory tree (usually called | |
20 | - /tftpboot). | |
21 | -3. Specify "-p -u tftpd -s /tftpboot" on the tftpd command line; if | |
22 | + /var/lib/tftpboot). | |
23 | +3. Specify "-p -u tftpd -s /var/lib/tftpboot" on the tftpd command line; if | |
24 | you want clients to be able to create files use | |
25 | - "-p -c -U 002 -u tftpd -s /tftpboot" (replace 002 with whatever | |
26 | + "-p -c -U 002 -u tftpd -s /var/lib/tftpboot" (replace 002 with whatever | |
27 | umask is appropriate for your setup.) | |
28 | ||
29 | ======================================= | |
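Review bot: In step 2, "usually called /var/lib/tftpboot" now reads as a general convention, but the path is this package's choice and the original text named /tftpboot. Reword it so the reader can tell the two apart, for example "(/var/lib/tftpboot in this package)". For the "-c -U 002" variant in step 3, it would help to state which owner and mode /var/lib/tftpboot is expected to have, since client-created files will be group-writable under that umask.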
30 | @@ -40,12 +40,12 @@ directly. Thus, if your /etc/inetd.conf | |
31 | line): | |
32 | ||
33 | tftp dgram udp wait root /usr/sbin/tcpd | |
34 | -/usr/sbin/in.tftpd -s /tftpboot -r blksize | |
35 | +/usr/sbin/in.tftpd -s /var/lib/tftpboot -r blksize | |
36 | ||
37 | ... it's better to change to ... | |
38 | ||
39 | tftp dgram udp wait root /usr/sbin/in.tftpd | |
40 | -in.tftpd -s /tftpboot -r blksize | |
41 | +in.tftpd -s /var/lib/tftpboot -r blksize | |
42 | ||
43 | You should make sure that you are using "wait" option in tftpd; you | |
44 | also need to have tftpd spawned as root in order for chroot (-s) to | |
45 | diff -up tftp-hpa-0.48/tftpd/sample.rules.tftpboot tftp-hpa-0.48/tftpd/sample.rules | |
46 | --- tftp-hpa-0.48/tftpd/sample.rules.tftpboot 2008-05-29 17:38:46.000000000 +0200 | |
47 | +++ tftp-hpa-0.48/tftpd/sample.rules 2008-05-29 17:38:05.000000000 +0200 | |
48 | @@ -30,5 +30,5 @@ rg \\ / # Convert backslashes to slash | |
49 | rg \# @ # Convert hash marks to @ signs | |
50 | rg /../ /..no../ # Convert /../ to /..no../ | |
51 | e ^ok/ # These are always ok | |
52 | -r ^[^/] /tftpboot/\0 # Convert non-absolute files | |
53 | +r ^[^/] /var/lib/tftpboot/\0 # Convert non-absolute files | |
54 | a \.pvt$ # Reject requests for private files |
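Review bot: The rewritten rule "r ^[^/] /var/lib/tftpboot/\0" prepends the absolute directory, but the xinetd file in this patch starts the daemon with "-s /var/lib/tftpboot". Under that chroot the directory is already the root, so a name rewritten by this rule would be looked up as /var/lib/tftpboot/... inside /var/lib/tftpboot. Add a comment on this line saying the rule is meant for setups that do not use -s, or give a chroot-relative replacement for the packaged default.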