from small one page howto to huge articles all in one place
 

search text in:





Poll
Which linux distribution do you use?







poll results

Last additions:
using iotop to find disk usage hogs

using iotop to find disk usage hogs

words:

887

views:

105021

userrating:

average rating: 1.7 (85 votes) (1=very good 6=terrible)


May 25th. 2007:
Words

486

Views

219391

why adblockers are bad


Workaround and fixes for the current Core Dump Handling vulnerability affected kernels

Workaround and fixes for the current Core Dump Handling vulnerability affected kernels

words:

161

views:

99855

userrating:

average rating: 1.3 (28 votes) (1=very good 6=terrible)


April, 26th. 2006:

Druckversion
You are here: manpages





TFTPD

Section: System Manager's Manual: iputils (8)
Updated: 24 January 2013
Index Return to Main Contents
 

NAME

tftpd - Trivial File Transfer Protocol server  

SYNOPSIS

tftpd directory

 

DESCRIPTION

tftpd is a server which supports the DARPA Trivial File Transfer Protocol (RFC1350). The TFTP server is started by inetd(8).

directory is required argument; if it is not given tftpd aborts. This path is prepended to any file name requested via TFTP protocol, effectively chrooting tftpd to this directory. File names are validated not to escape out of this directory, however administrator may configure such escape using symbolic links.

It is in difference of variants of tftpd usually distributed with unix-like systems, which take a list of directories and match file names to start from one of given prefixes or to some random default, when no arguments were given. There are two reasons not to behave in this way: first, it is inconvenient, clients are not expected to know something about layout of filesystem on server host. And second, TFTP protocol is not a tool for browsing of server's filesystem, it is just an agent allowing to boot dumb clients.

In the case when tftpd is used together with rarpd(8), tftp directories in these services should coincide and it is expected that each client booted via TFTP has boot image corresponding its IP address with an architecture suffix following Sun Microsystems conventions. See rarpd(8) for more details.  

SECURITY

TFTP protocol does not provide any authentication. Due to this capital flaw tftpd is not able to restrict access to files and will allow only publically readable files to be accessed. Files may be written only if they already exist and are publically writable.

Impact is evident, directory exported via TFTP must not contain sensitive information of any kind, everyone is allowed to read it as soon as a client is allowed. Boot images do not contain such information as rule, however you should think twice before publishing f.e. Cisco IOS config files via TFTP, they contain unencrypted passwords and may contain some information about the network, which you were not going to make public.

The tftpd server should be executed by inetd with dropped root privileges, namely with a user ID giving minimal access to files published in tftp directory. If it is executed as superuser occasionally, tftpd drops its UID and GID to 65534, which is most likely not the thing which you expect. However, this is not very essential; remember, only files accessible for everyone can be read or written via TFTP.  

SEE ALSO

rarpd(8), tftp(1), inetd(8).  

HISTORY

The tftpd command appeared in 4.2BSD. The source in iputils is cleaned up both syntactically (ANSIized) and semantically (UDP socket IO).

It is distributed with iputils mostly as good demo of an interesting feature (MSG_CONFIRM) allowing to boot long images by dumb clients not answering ARP requests until they are finally booted. However, this is full functional and can be used in production.  

AVAILABILITY

tftpd is part of iputils package and the latest versions are available in source form at http://www.skbuff.net/iputils/iputils-current.tar.bz2.


 

Index

NAME
SYNOPSIS
DESCRIPTION
SECURITY
SEE ALSO
HISTORY
AVAILABILITY


Please read "Why adblockers are bad".



Other free services
toURL.org
Shorten long
URLs to short
links like
http://tourl.org/2
tourl.org
.
Reverse DNS lookup
Find out which hostname(s)
resolve to a
given IP or other hostnames for the server
www.reversednslookup.org
rdf newsfeed | rss newsfeed | Atom newsfeed
- Powered by LeopardCMS - Running on Gentoo -
Copyright 2004-2017 Sascha Nitsch Unternehmensberatung UG(haftungsbeschränkt)
Valid XHTML1.1 : Valid CSS : buttonmaker
- Level Triple-A Conformance to Web Content Accessibility Guidelines 1.0 -
- Copyright and legal notices -
Time to create this page: 3.3 ms