Bug 684425

Summary: Cannot set up a tftp server
Product: [Fedora] Fedora Reporter: Petr Tomasek <tomasek>
Component: tftpAssignee: Jiri Skala <jskala>
Status: CLOSED NOTABUG QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: high Docs Contact:
Priority: unspecified    
Version: 14CC: aglotov, jskala, pertusus
Target Milestone: ---   
Target Release: ---   
Hardware: i686   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2011-04-28 17:46:08 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Petr Tomasek 2011-03-12 13:39:18 UTC 
Description of problem:
 The tftp server cannot be startet - the UDP port ist filtered even if iptables and selinux switched off (and tcp_wrappers set as permissible as possible).

Version-Release number of selected component (if applicable):
$ rpm -q tcp_wrappers tftp-server tftp
tcp_wrappers-7.6-59.fc14.i686
tftp-server-0.49-7.fc14.i686
tftp-0.49-7.fc14.i686

How reproducible:
 When setting up a tftp server the normal way, it is blocked.

Steps to Reproduce:
1. [switch off selinux]
2. # yum install tftp-server
3. # chkconfig tftp on
4. # service iptables stop
5. # echo -ne "ALL : ALL\n\n" > /etc/hosts.allow
6. # service xinetd restart

7. # echo test > /var/lib/tftpboot/test 
8. # chmod 644 /var/lib/tftpboot/test

Actual results:

$ tftp localhost -c get test
tftp: test: Is a directory

# nmap -sU localhost

Starting Nmap 5.21 ( http://nmap.org ) at 2011-03-12 14:32 CET
Nmap scan report for localhost (127.0.0.1)
Host is up (0.00033s latency).
Not shown: 992 closed ports
PORT     STATE         SERVICE
37/udp   open          time
69/udp   open|filtered tftp
500/udp  open|filtered isakmp
631/udp  open|filtered ipp
1812/udp open          radius
1813/udp open|filtered radacct
4500/udp open|filtered nat-t-ike
5353/udp open|filtered zeroconf 

but:
 # tcpdmatch tftp@localhost localhost
client:   hostname dalet.home
client:   address  127.0.0.1
server:   hostname dalet.home
server:   address  127.0.0.1
server:   process  tftp
access:   granted

Expected results:

Tftp-server running and accessible (at least from localhost).

Additional info:
Comment 1 Petr Tomasek 2011-03-12 20:40:45 UTC 
Ok, co I have probably found it: it works fine from another host, but not from the same one (which is IMHO very confusing and doesn't bring much for the security... It should be at least documented somewhere...).
Comment 2 Jiri Skala 2011-04-28 17:46:08 UTC 
Really interesting 'not a bug'. :-)

Your reproducer don't work for me but I'm able to reproduce your issue.

The tftp works fine between two machines as well as on one machine. The trick of your issue is following - the current working directory where you call tftp client contains subdirectory with the same name as the filename to get ('test' in this case). That's all.

I'm going to close it with status 'notabug'.
Comment 3 Petr Tomasek 2011-04-28 17:59:24 UTC 
Ok, I understand, You're right.

Maybe should the error message be more verbose on where is the 'test' directory? (Something like "Error: trying to overwrite directory with a file"?)

Thank You!