12129 – in.tftpd runs as root

Bug 12129 - in.tftpd runs as root

Summary: in.tftpd runs as root

Keywords:
Status:	CLOSED RAWHIDE
Alias:	None
Product:	Red Hat Linux
Classification:	Retired
Component:	tftp
Sub Component:
Version:	6.2
Hardware:	i386
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Bill Nottingham
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2000-06-12 13:36 UTC by Jarno Huuskonen
Modified:	2014-03-17 02:14 UTC (History)
CC List:	1 user (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2000-06-12 13:36:42 UTC
Embargoed:

Attachments	(Terms of Use)

Description Jarno Huuskonen 2000-06-12 13:36:41 UTC

in.tftpd runs as root from inetd, even though the man page says
that the program should run with the least privileged account and the
files have to be world readable. So it should be safe to
run in.tftpd as nobody (works for me).
(Note! I didn't investigate if in.tftpd drops priviledges if run as root)

-Jarno

PS. I changed the tftp line in /etc/inetd.conf to this:
tftp   dgram   udp     wait    nobody  /usr/sbin/tcpd  in.tftpd
                                ^^^

Comment 1 Pekka Savola 2000-08-02 05:13:22 UTC

tftpd runs as nobody in the latest rawhide (and RH70 beta) build.

Note You need to log in before you can comment on or make changes to this bug.