clausklein / rpms / tftp

Forked from rpms/tftp 5 years ago
Clone

Blame SOURCES/tftp-0.42-tftpboot.patch

364356
diff -up tftp-hpa-0.48/tftp-xinetd.tftpboot tftp-hpa-0.48/tftp-xinetd
364356
--- tftp-hpa-0.48/tftp-xinetd.tftpboot	2007-01-31 00:51:05.000000000 +0100
364356
+++ tftp-hpa-0.48/tftp-xinetd	2008-05-20 12:05:53.000000000 +0200
364356
@@ -10,7 +10,7 @@ service tftp
364356
 	wait			= yes
364356
 	user			= root
364356
 	server			= /usr/sbin/in.tftpd
364356
-	server_args		= -s /tftpboot
364356
+	server_args		= -s /var/lib/tftpboot
364356
 	disable			= yes
364356
 	per_source		= 11
364356
 	cps			= 100 2
364356
diff -up tftp-hpa-0.48/README.security.tftpboot tftp-hpa-0.48/README.security
364356
--- tftp-hpa-0.48/README.security.tftpboot	2008-05-29 17:36:32.000000000 +0200
364356
+++ tftp-hpa-0.48/README.security	2008-05-29 17:37:21.000000000 +0200
364356
@@ -17,10 +17,10 @@ probably the following:
364356
 
364356
 1. Create a separate "tftpd" user and group only used for tftpd;
364356
 2. Have all your boot files in a single directory tree (usually called 
364356
-   /tftpboot).
364356
-3. Specify "-p -u tftpd -s /tftpboot" on the tftpd command line; if
364356
+   /var/lib/tftpboot).
364356
+3. Specify "-p -u tftpd -s /var/lib/tftpboot" on the tftpd command line; if
364356
    you want clients to be able to create files use
364356
-   "-p -c -U 002 -u tftpd -s /tftpboot" (replace 002 with whatever
364356
+   "-p -c -U 002 -u tftpd -s /var/lib/tftpboot" (replace 002 with whatever
364356
    umask is appropriate for your setup.)
364356
 
364356
 	       =======================================
364356
@@ -40,12 +40,12 @@ directly.  Thus, if your /etc/inetd.conf
364356
 line):
364356
 
364356
 tftp	dgram	udp	wait	root	/usr/sbin/tcpd
364356
-/usr/sbin/in.tftpd -s /tftpboot -r blksize
364356
+/usr/sbin/in.tftpd -s /var/lib/tftpboot -r blksize
364356
 
364356
 ... it's better to change to ...
364356
 
364356
 tftp	dgram	udp	wait	root	/usr/sbin/in.tftpd
364356
-in.tftpd -s /tftpboot -r blksize
364356
+in.tftpd -s /var/lib/tftpboot -r blksize
364356
 
364356
 You should make sure that you are using "wait" option in tftpd; you
364356
 also need to have tftpd spawned as root in order for chroot (-s) to
364356
diff -up tftp-hpa-0.48/tftpd/sample.rules.tftpboot tftp-hpa-0.48/tftpd/sample.rules
364356
--- tftp-hpa-0.48/tftpd/sample.rules.tftpboot	2008-05-29 17:38:46.000000000 +0200
364356
+++ tftp-hpa-0.48/tftpd/sample.rules	2008-05-29 17:38:05.000000000 +0200
364356
@@ -30,5 +30,5 @@ rg	\\		/		# Convert backslashes to slash
364356
 rg	\#		@		# Convert hash marks to @ signs
364356
 rg	/../		/..no../	# Convert /../ to /..no../
364356
 e	^ok/				# These are always ok
364356
-r	^[^/]		/tftpboot/\0	# Convert non-absolute files
364356
+r	^[^/]		/var/lib/tftpboot/\0	# Convert non-absolute files
364356
 a	\.pvt$				# Reject requests for private files