Red Hat Bugzilla – Bug 12129
in.tftpd runs as root
Last modified: 2014-03-16 22:14:16 EDT
in.tftpd runs as root from inetd, even though the man page says
that the program should run with the least privileged account and the
files have to be world readable. So it should be safe to
run in.tftpd as nobody (works for me).
(Note! I didn't investigate if in.tftpd drops priviledges if run as root)
PS. I changed the tftp line in /etc/inetd.conf to this:
tftp dgram udp wait nobody /usr/sbin/tcpd in.tftpd
tftpd runs as nobody in the latest rawhide (and RH70 beta) build.