tftp/patches/tftp-0.42-tftpboot.patch

   1 diff -up tftp-hpa-0.48/tftp-xinetd.tftpboot tftp-hpa-0.48/tftp-xinetd
   2 --- tftp-hpa-0.48/tftp-xinetd.tftpboot  2007-01-31 00:51:05.000000000 +0100
   3 +++ tftp-hpa-0.48/tftp-xinetd   2008-05-20 12:05:53.000000000 +0200
   4 @@ -10,7 +10,7 @@ service tftp
   5         wait                    = yes
   6         user                    = root
   7         server                  = /usr/sbin/in.tftpd
   8 -       server_args             = -s /tftpboot
   9 +       server_args             = -s /var/lib/tftpboot
  10         disable                 = yes
  11         per_source              = 11
  12         cps                     = 100 2
  13 diff -up tftp-hpa-0.48/README.security.tftpboot tftp-hpa-0.48/README.security
  14 --- tftp-hpa-0.48/README.security.tftpboot      2008-05-29 17:36:32.000000000 +0200
  15 +++ tftp-hpa-0.48/README.security       2008-05-29 17:37:21.000000000 +0200
  16 @@ -17,10 +17,10 @@ probably the following:
  17
  18  1. Create a separate "tftpd" user and group only used for tftpd;
  19  2. Have all your boot files in a single directory tree (usually called
  20 -   /tftpboot).
  21 -3. Specify "-p -u tftpd -s /tftpboot" on the tftpd command line; if
  22 +   /var/lib/tftpboot).
  23 +3. Specify "-p -u tftpd -s /var/lib/tftpboot" on the tftpd command line; if
  24     you want clients to be able to create files use
  25 -   "-p -c -U 002 -u tftpd -s /tftpboot" (replace 002 with whatever
  26 +   "-p -c -U 002 -u tftpd -s /var/lib/tftpboot" (replace 002 with whatever
  27     umask is appropriate for your setup.)
  28
  29                =======================================
  30 @@ -40,12 +40,12 @@ directly.  Thus, if your /etc/inetd.conf
  31  line):
  32
  33  tftp   dgram   udp     wait    root    /usr/sbin/tcpd
  34 -/usr/sbin/in.tftpd -s /tftpboot -r blksize
  35 +/usr/sbin/in.tftpd -s /var/lib/tftpboot -r blksize
  36
  37  ... it's better to change to ...
  38
  39  tftp   dgram   udp     wait    root    /usr/sbin/in.tftpd
  40 -in.tftpd -s /tftpboot -r blksize
  41 +in.tftpd -s /var/lib/tftpboot -r blksize
  42
  43  You should make sure that you are using "wait" option in tftpd; you
  44  also need to have tftpd spawned as root in order for chroot (-s) to
  45 diff -up tftp-hpa-0.48/tftpd/sample.rules.tftpboot tftp-hpa-0.48/tftpd/sample.rules
  46 --- tftp-hpa-0.48/tftpd/sample.rules.tftpboot   2008-05-29 17:38:46.000000000 +0200
  47 +++ tftp-hpa-0.48/tftpd/sample.rules    2008-05-29 17:38:05.000000000 +0200
  48 @@ -30,5 +30,5 @@ rg    \\              /               # Convert backslashes to slash
  49  rg     \#              @               # Convert hash marks to @ signs
  50  rg     /../            /..no../        # Convert /../ to /..no../
  51  e      ^ok/                            # These are always ok
  52 -r      ^[^/]           /tftpboot/\0    # Convert non-absolute files
  53 +r      ^[^/]           /var/lib/tftpboot/\0    # Convert non-absolute files
  54  a      \.pvt$                          # Reject requests for private files