Bug 100914 - [patch] tftpd(8): libexec/tftpd: write access control
Status: Closed DUPLICATE of bug 225996
Alias: None
Product: Base System
Classification: Unclassified
Component: bin
Version: 6.1-RELEASE
Hardware: Any Any
Importance: Normal Affects Only Me
Assignee: freebsd-bugs (Nobody)
Reported: 2006-07-27 11:50 UTC by Auster
Modified: 2018-08-22 16:41 UTC (History)
Attachments
file.diff (831 bytes, patch)
2006-07-27 11:50 UTC, Auster
file.diff (540 bytes, patch)
2006-07-27 11:50 UTC, Auster
Description Auster 2006-07-27 11:50:11 UTC
Traditional tftp file access control:
 read access:
  tftpd(8) - tftpd will allow only publicly readable files to be accessed.
 write access:
  tftpd(8) - files may be written only if they already exist and are publicly writable.

Test condition: files may be written only if they are publicly writable (i.e. mode ??2).

Summary, libexec/tftpd write access:
 absolute filenames:
  all modes (??0 ??2 ??4) - correct.
 relative filenames:
  mode ??0 - incorrect 6.1 (RELEASE-p2 tested)
  mode ??2 - incorrect 4.11 (RELEASE-p9 tested)
  mode ??4 - incorrect both - 4.11 and 6.1

Fix: 1) 6.1-RELEASE-p2: diff -up libexec/tftpd/tftpd.c.orig libexec/tftpd/tftpd.c
2) 4.11-RELEASE-p9: diff -up libexec/tftpd/tftpd.c.orig libexec/tftpd/tftpd.c
How-To-Repeat: 
for example:

~# grep '^tftp' /etc/inetd.conf
tftp	dgram	udp	wait	root	/usr/libexec/tftpd	tftpd -l -s /spool/tftp

~# touch a
~# touch /spool/tftp/a
~# chown nobody:nogroup /spool/tftp/a


1) mode ??0
~# chmod 640 /spool/tftp/a
~# tftp localhost

1a) 6.1-RELEASE-p2
tftp| put a /a
Error code 2: Access violation
  ! error - correct
tftp| put a a
  ! no error - incorrect

1b) 4.11-RELEASE-p9
tftp| put a /a
Error code 2: Access violation
  ! error - correct
tftp| put a a
Error code 2: Access violation
  ! error - correct



2) mode ??2
~# chmod 642 /spool/tftp/a
~# tftp localhost

2a) 6.1-RELEASE-p2
tftp| put a /a
  ! no error - correct
tftp| put a a
  ! no error - correct

2b) 4.11-RELEASE-p9
tftp| put a /a
  ! no error - correct
tftp| put a a
Error code 2: Access violation
  ! error - incorrect



3) mode ??4
~# chmod 644 /spool/tftp/a
~# tftp localhost

3a) 6.1-RELEASE-p2
tftp| put a /a
Error code 2: Access violation
  ! error - correct
tftp| put a a
  ! no error - incorrect

3b) 4.11-RELEASE-p9
tftp| put a /a
Error code 2: Access violation
  ! error - correct
tftp| put a a
  ! no error - incorrect
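
The traditional rule quoted in the description above (a file may be written only if it already exists and is publicly writable) can be evaluated once, on the opened descriptor, so that "put a a" and "put a /a" cannot get different answers. The following is an added example, not code from this report or from FreeBSD's tftpd.c; tftp_open_for_write and rootfd are hypothetical names, and the ".." refusal, O_NONBLOCK and the regular-file test are assumptions of the example.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/*
 * Hypothetical helper. rootfd is an open descriptor for the tftp root
 * (the directory given to -s). Returns a writable fd, or -1 with errno
 * set; EACCES corresponds to "Error code 2: Access violation".
 */
int
tftp_open_for_write(int rootfd, const char *name)
{
	struct stat sb;
	const char *p;
	int fd;

	/* Inside the root, "/a" and "a" name the same file: treat them alike. */
	while (*name == '/')
		name++;
	if (*name == '\0') {
		errno = EACCES;
		return (-1);
	}
	/* Assumption of this example: refuse any ".." path component. */
	for (p = name; (p = strstr(p, "..")) != NULL; p += 2) {
		if ((p == name || p[-1] == '/') && (p[2] == '/' || p[2] == '\0')) {
			errno = EACCES;
			return (-1);
		}
	}
	/* No O_CREAT: the file must already exist. No O_TRUNC: nothing is
	 * modified before the mode check. O_NONBLOCK: a FIFO cannot stall us. */
	fd = openat(rootfd, name, O_WRONLY | O_NONBLOCK);
	if (fd == -1)
		return (-1);
	/* Check the object actually opened, not the path: mode must be ??2. */
	if (fstat(fd, &sb) == -1 || !S_ISREG(sb.st_mode) ||
	    (sb.st_mode & S_IWOTH) == 0) {
		close(fd);
		errno = EACCES;
		return (-1);
	}
	return (fd);
}
```

Because the mode is read with fstat() on the descriptor that will receive the data, the check and the write refer to the same file even if the name is replaced in between.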
Comment 1 Edwin Groothuis freebsd_committer freebsd_triage 2007-10-08 09:24:04 UTC
Responsible Changed
From-To: freebsd-bugs->edwin

I'm interested in TFTP.
Comment 2 Edwin Groothuis freebsd_committer freebsd_triage 2008-02-15 10:53:21 UTC
Responsible Changed
From-To: edwin->freebsd-bugs


Give back into the pool until later.
Comment 3 Eitan Adler freebsd_committer freebsd_triage 2017-12-31 07:59:19 UTC
For bugs matching the following criteria:

Status: In Progress Changed: (is less than) 2014-06-01

Reset to default assignee and clear in-progress tags.

Mail being skipped
Comment 4 Alan Somers freebsd_committer freebsd_triage 2018-08-22 16:41:06 UTC
I'm having difficulty understanding your complaint, but I think it's a duplicate of 225996, which is already fixed.

*** This bug has been marked as a duplicate of bug 225996 ***