David Gwynne <da...@gwynne.id.au> wrote: > On Sun, Oct 02, 2022 at 06:32:04PM +0000, Klemens Nanni wrote: > > diskless(8) just needs tftpd(8) to deliver files, none of the possibly > > untrusted clients are supposed to ever write anything. > > > > Either way, even when run without -c, a single file writable by _tftpd > > might be enough for a malicious client to fill up the server's disk. > > > > A proper read-only mode ("stdio rpath dns inet") seems much safer. > > agreed. i'm ok with this diff, but it's worth asking if we can make the > default read-only and ask people to opt in for write (and create) before > this specific diff goes in. ie, read-only be default, '-w' to enable > write mode, '-c' to enable write+create?
we were read-only believers a long time ago, and it seems the world has caught up to our way of thinking so yes maybe it is time to make it an option you must specify.