README
This is tftp-hpa, a conglomerate of a number of versions of the BSD
TFTP code, changed around to port to a whole collection of operating
systems. The goal is to work on any reasonably modern Unix with
sockets.

The tftp-hpa series is maintained by H. Peter Anvin <hpa@zytor.com>.

The latest version of this collection can be found at:

    ftp://ftp.kernel.org/pub/software/network/tftp/

See the file CHANGES for a list of changes between versions.

Please see the INSTALL and INSTALL.tftp files for compilation and
installation instructions.

===> IMPORTANT: IF YOU ARE UPGRADING FROM ANOTHER TFTP SERVER, OR FROM
===> A VERSION OF TFTP-HPA OLDER THAN 0.17 SEE THE FILE
===> "README.security" FOR IMPORTANT SECURITY MODEL CHANGES!

This software can be discussed on the SYSLINUX mailing list. To
subscribe, go to the list subscription page at:

    http://www.zytor.com/mailman/listinfo/syslinux


README.security
Starting in version 0.27, tftp-hpa has the option of a "use Unix
permissions" mode. In this mode, tftpd can access any file accessible
by the tftpd effective user, specified via the -u option. This means
that files no longer need to be set to o+r or o+w.

If file creation is enabled (via the -c option), the -p option also
changes the default umask from 0 (anyone can read or write) to
"unchanged" (inherited from the calling process). The -U option can
be used to override the default umask; this is recommended.

The sanest setup, from a security standpoint, for tftpd to run in is
probably the following:

1. Create a separate "tftpd" user and group only used for tftpd;
2. Have all your boot files in a single directory tree (usually called
   /tftpboot);
3. Specify "-p -u tftpd -s /tftpboot" on the tftpd command line; if
   you want clients to be able to create files use
   "-p -c -U 002 -u tftpd -s /tftpboot" (replace 002 with whatever
   umask is appropriate for your setup).

        =======================================

Starting in version 0.17, tftp-hpa operates in genuine "wait" mode,
which means that an in.tftpd process hangs around for some time after
the last service request has arrived. This speeds up servicing a
subsequent request; slow servicing has apparently been a problem in
the past, resulting in "request storms" as the client keeps retrying
and leaves multiple connections on the server which it has already
abandoned.

This also means that spawning tftp via tcpd is useless (in fact, this
indirection seems to be part of the reason for these "request
storms"). Instead, tftp-hpa supports calling the tcpwrapper library
directly. Thus, if your /etc/inetd.conf looks like this (all on one
line):

tftp dgram udp wait root /usr/sbin/tcpd
    /usr/sbin/in.tftpd -s /tftpboot -r blksize

... it's better to change to ...

tftp dgram udp wait root /usr/sbin/in.tftpd
    in.tftpd -s /tftpboot -r blksize

You should make sure that you are using the "wait" option for tftpd;
you also need to have tftpd spawned as root in order for chroot (-s)
to work. tftpd automatically drops privilege and changes user ID to
"nobody" by default; the appropriate user ID for tftpd can be
specified with the -u option (e.g. "-u tftpuser").

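Added example (not part of tftp-hpa or of this README): a shell function
that audits one inetd.conf tftp entry against the recommendations above.
The name audit_tftp_line and both sample entries are constructed for
illustration; it assumes options are written as separate short flags, as
they are in this file.

```sh
#!/bin/sh
# Added example, not part of tftp-hpa: audit one inetd.conf "tftp" entry
# against README.security. Prints one finding per line, nothing if clean.
# Assumes separate short options (-p -c ...) as written in the README.
audit_tftp_line() (
    set -f; set -- $1; set +f          # split into fields, no globbing
    if [ "$#" -lt 7 ] || [ "$1" != tftp ]; then
        echo "skip: not a complete tftp service entry"; exit 0
    fi
    wait_mode=$4 run_as=$5 server=$6
    shift 6                            # leaves argv[0] and the options
    has_s= has_u= has_p= has_c= has_U=
    for arg in "$@"; do                # option values simply fall through
        case $arg in
            -s) has_s=1 ;; -u) has_u=1 ;; -p) has_p=1 ;;
            -c) has_c=1 ;; -U) has_U=1 ;;
        esac
    done
    [ "$wait_mode" = wait ] || echo "wait: entry uses \"$wait_mode\", not \"wait\""
    [ "$run_as" = root ] || echo "root: start as root or chroot (-s) cannot work"
    case $server in
        tcpd|*/tcpd) echo "tcpd: spawned via tcpd; call in.tftpd directly" ;;
    esac
    [ -n "$has_s" ] || echo "chroot: no -s, server is not chrooted"
    [ -n "$has_u" ] || echo "user: no -u, runs as \"nobody\" not a dedicated user"
    [ -n "$has_p" ] || echo "perms: no -p, files must stay o+r (o+w for writes)"
    if [ -n "$has_c" ] && [ -z "$has_U" ]; then
        if [ -n "$has_p" ]; then
            echo "umask: -c with -p inherits the caller's umask; set -U"
        else
            echo "umask: -c without -p creates files with umask 0; set -U"
        fi
    fi
)

# Constructed entries: the README's tcpd line and its recommended flags.
OLD='tftp dgram udp wait root /usr/sbin/tcpd /usr/sbin/in.tftpd -s /tftpboot -r blksize'
NEW='tftp dgram udp wait root /usr/sbin/in.tftpd in.tftpd -p -c -U 002 -u tftpd -s /tftpboot'
for entry in "$OLD" "$NEW"; do
    printf '== %s\n' "$entry"
    audit_tftp_line "$entry"
done
```
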
If you are running a busy boot server, I would suggest instead using
kernel-based firewalling rules, and compiling tftpd without
tcpwrapper support, in order to provide significantly better
performance. To do so, specify the --without-tcpwrappers option to
configure when compiling; see the INSTALL.tftp file for more information.