On Wed, Oct 23, 2002 at 02:23:03PM -0400, Feng Li wrote: > 1)About the behvior for the tftp daemon on FreeBSD, I made a > sub directory under /usr/tftpboot, and change its mode to 777, > the I tried to send a file from one of our router, but I > got the following error message:
Actually, reading the manpage confirms what you are seeing: The use of tftp(1) does not require an account or password on the remote system. Due to the lack of authentication information, tftpd will allow only publicly readable files to be accessed. Files containing the string ``/../'' or starting with ``../'' are not allowed. Files may be written only if they already exist and are publicly writable. Note that this extends the concept of ``public'' to include all users on all hosts that can be reached through the network; this may not be appropriate on all systems, and its implications should be considered before enabling tftp service. The server should have the user ID with the lowest possible privilege. I don't think there is a way to do what you want. Perhaps you can take a step back and tell us why you are trying to do this. > 2)About the security hole issue, if we use this TFTP server for in-house, > and configure it to accept the TFTP file from only specifed hosts, > could we minimum the risk ? This reduces the risk, yes. Kris
msg05541/pgp00000.pgp
Description: PGP signature