On Wed, Oct 23, 2002 at 02:23:03PM -0400, Feng Li wrote:

> 1) About the behavior of the tftp daemon on FreeBSD, I made a
>   sub directory under /usr/tftpboot, and changed its mode to 777,
>   then I tried to send a file from one of our routers, but I
>   got the following error message:

Actually, reading the manpage confirms what you are seeing:

     The use of tftp(1) does not require an account or password on the remote
     system.  Due to the lack of authentication information, tftpd will allow
     only publicly readable files to be accessed.  Files containing the string
     ``/../'' or starting with ``../'' are not allowed.  Files may be written
     only if they already exist and are publicly writable.  Note that this
     extends the concept of ``public'' to include all users on all hosts that
     can be reached through the network; this may not be appropriate on all
     systems, and its implications should be considered before enabling tftp
     service.  The server should have the user ID with the lowest possible
     privilege.

I don't think there is a way to do what you want.  Perhaps you can
take a step back and tell us why you are trying to do this.

> 2) About the security hole issue, if we use this TFTP server in-house,
>   and configure it to accept TFTP files from only specified hosts,
>   could we minimize the risk?

This reduces the risk, yes.

Kris
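
The access rules in the manpage excerpt quoted above, as an added example that is not part of the original message and is not tftpd's own code: it evaluates a requested name against those rules and audits a tftp root for files that anyone on the network could read or overwrite. The directory and file names (`uploads`, `router.cfg`) are constructed, and the regular-file check is an assumption of this sketch.

```python
import os
import stat
import tempfile

def name_allowed(filename):
    """Manpage rule: names containing '/../' or starting with '../' are refused."""
    return not (filename.startswith("../") or "/../" in filename)

def tftpd_access(root, filename):
    """Return (readable, writable) for a requested name, per the quoted rules."""
    if not name_allowed(filename):
        return (False, False)
    try:
        st = os.stat(os.path.join(root, filename))
    except OSError:
        # Missing file: nothing to read, and writes need an existing file,
        # no matter how permissive the parent directory's mode is.
        return (False, False)
    if not stat.S_ISREG(st.st_mode):  # assumption of this sketch, not in the excerpt
        return (False, False)
    # Only the "other" permission bits count as publicly readable/writable.
    return (bool(st.st_mode & stat.S_IROTH), bool(st.st_mode & stat.S_IWOTH))

def audit(root):
    """Map every file under root to its (readable, writable) network exposure."""
    report = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            rel = os.path.relpath(os.path.join(dirpath, name), root)
            report[rel] = tftpd_access(root, rel)
    return report

def demo():
    """Constructed tree mirroring the thread: a mode-777 directory under the root."""
    with tempfile.TemporaryDirectory() as root:
        sub = os.path.join(root, "uploads")
        os.mkdir(sub)
        os.chmod(sub, 0o777)
        before = tftpd_access(root, "uploads/router.cfg")  # file does not exist yet
        target = os.path.join(sub, "router.cfg")
        open(target, "w").close()
        os.chmod(target, 0o666)  # exists and is publicly writable
        after = tftpd_access(root, "uploads/router.cfg")
        escape = tftpd_access(root, "uploads/../../etc/passwd")
        return before, after, escape, audit(root)

if __name__ == "__main__":
    print(demo())
```

Running `audit()` against the real tftp root lists every file that is exposed for reading or overwriting under these rules.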
