684425 – Cannot set up a tftp server

Bug 684425 - Cannot set up a tftp server

Summary: Cannot set up a tftp server

Keywords:
Status:	CLOSED NOTABUG
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	tftp
Sub Component:
Version:	14
Hardware:	i686
OS:	Linux
Priority:	unspecified
Severity:	high
Target Milestone:	---
Assignee:	Jiri Skala
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2011-03-12 13:39 UTC by Petr Tomasek
Modified:	2014-11-09 22:34 UTC (History)
CC List:	3 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2011-04-28 17:46:08 UTC
Type:	---
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Description Petr Tomasek 2011-03-12 13:39:18 UTC

Description of problem:
 The tftp server cannot be startet - the UDP port ist filtered even if iptables and selinux switched off (and tcp_wrappers set as permissible as possible).

Version-Release number of selected component (if applicable):
$ rpm -q tcp_wrappers tftp-server tftp
tcp_wrappers-7.6-59.fc14.i686
tftp-server-0.49-7.fc14.i686
tftp-0.49-7.fc14.i686

How reproducible:
 When setting up a tftp server the normal way, it is blocked.

Steps to Reproduce:
1. [switch off selinux]
2. # yum install tftp-server
3. # chkconfig tftp on
4. # service iptables stop
5. # echo -ne "ALL : ALL\n\n" > /etc/hosts.allow
6. # service xinetd restart

7. # echo test > /var/lib/tftpboot/test 
8. # chmod 644 /var/lib/tftpboot/test

Actual results:

$ tftp localhost -c get test
tftp: test: Is a directory

# nmap -sU localhost

Starting Nmap 5.21 ( http://nmap.org ) at 2011-03-12 14:32 CET
Nmap scan report for localhost (127.0.0.1)
Host is up (0.00033s latency).
Not shown: 992 closed ports
PORT     STATE         SERVICE
37/udp   open          time
69/udp   open|filtered tftp
500/udp  open|filtered isakmp
631/udp  open|filtered ipp
1812/udp open          radius
1813/udp open|filtered radacct
4500/udp open|filtered nat-t-ike
5353/udp open|filtered zeroconf 

but:
 # tcpdmatch tftp@localhost localhost
client:   hostname dalet.home
client:   address  127.0.0.1
server:   hostname dalet.home
server:   address  127.0.0.1
server:   process  tftp
access:   granted

Expected results:

Tftp-server running and accessible (at least from localhost).

Additional info:

Comment 1 Petr Tomasek 2011-03-12 20:40:45 UTC

Ok, co I have probably found it: it works fine from another host, but not from the same one (which is IMHO very confusing and doesn't bring much for the security... It should be at least documented somewhere...).

Comment 2 Jiri Skala 2011-04-28 17:46:08 UTC

Really interesting 'not a bug'. :-)

Your reproducer don't work for me but I'm able to reproduce your issue.

The tftp works fine between two machines as well as on one machine. The trick of your issue is following - the current working directory where you call tftp client contains subdirectory with the same name as the filename to get ('test' in this case). That's all.

I'm going to close it with status 'notabug'.

Comment 3 Petr Tomasek 2011-04-28 17:59:24 UTC

Ok, I understand, You're right.

Maybe should the error message be more verbose on where is the 'test' directory? (Something like "Error: trying to overwrite directory with a file"?)

Thank You!

Note You need to log in before you can comment on or make changes to this bug.