From: sdh@po.CWRU.Edu (Scott D. Heavner) Subject: tftp SECURITY HOLE with suggested inetd.conf Date: 21 Mar 1993 06:40:59 GMT
The default configuration for the net distribution I
have (probably net-0.2) comes with the tftpd daemon active.
tftp requires no passwords and allows users access to select
files anywhere in your directory tree starting from root.
In order to read or write files, the other permission must
be set, but this happens more often than you might think.
This also means anyone can upload a file to any device
in your /dev/ directory which is useable by all. (Try
it, tftp to your box and execute "put [file] /dev/tty1")
I don't know if this is really a problem, but it
looks to me like it is. I have all my ttys set with
other+rw.
I suggest that tfpd should be either removed
from the inetd.conf files that are part of any standard
distribution or the inetd.conf file should be changed to
something like:
tftp dgram udp wait root /etc/inet/tftpd tftpd *
where * would be /home/ftp/incoming /home/ftp/pub (or
maybe just /home/ftp).
Scott
sdh@po.cwru.edu
-- HELP! I'm being held prisoner in a .sig file factory.