tftp and tcp_wrappers

From: Johnson, Chad (cmjohnson@uslec.com)
Date: Tue Feb 10 2004 - 09:47:35 EST


I hope someone has a good idea here. We are implementing a tftp server to
back up configs to. To assist in securing this server we are using
tcp_wrappers for the tftp daemon. The problem I am running into is that
unlike most other services spawned from inetd, in.tftpd does not change
its incoming port to an alternate. When inetd accepts a connection on port
69, that same port is handed off to the in.tftpd daemon.
 
The in.tftpd daemon continues to run after the initial transfer (to handle
connections that have queued) that spawned the connection. Now in.tftpd is
listening on port 69 for more tftp connections. What this ends up doing is
allowing the next transfers to bypass inetd/tcp_wrappers. As long as tftp
transfers keep coming in, the daemon continues to run and bypass inetd.
This is a large security problem.
 
Does anyone know of a way to have in.tftpd quit after one transfer? Perhaps
an undocumented switch or a way to spawn it in inetd.conf. I realize I
could use an alternate tftpd (open source) but without being a programmer I
cannot examine the source code to be sure there are no back doors installed.
 
Here is the inetd.conf line:
 
tftp dgram udp wait root /usr/local/bin/tcpd /usr/sbin/in.tftpd -s /export/home/tftp
 
TIA, Chad.

 <http://www.uslec.com/>

_______________________________________________
sunmanagers mailing list
sunmanagers@sunmanagers.org
http://www.sunmanagers.org/mailman/listinfo/sunmanagers
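The hand-off the post describes, replayed in Python as an added example (not code from the post, from inetd or from in.tftpd): inetd receives the first datagram on the udp/69 socket, tcpd's access check runs once, and the bound socket is then given to the daemon, which keeps reading later requests from it. The allow list, the ephemeral port standing in for 69, and telling clients apart by (host, port) on loopback are all constructed assumptions of the model; real tcpd matches on host.

```python
import socket

def new_udp(host="127.0.0.1"):
    # Constructed: an ephemeral loopback port stands in for udp/69.
    s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    s.bind((host, 0))
    s.settimeout(0.5)
    return s

def serve(daemon_rechecks, n_clients=2):
    """Replay the scenario from the post. Returns (served, checked):
    the client indexes that got a reply, and the peers tcpd looked at.
    daemon_rechecks=False models in.tftpd keeping the socket: tcpd ran
    once at spawn, so later datagrams never pass through inetd/tcpd."""
    listener = new_udp()                     # the socket inetd bound to udp/69
    clients = [new_udp() for _ in range(n_clients)]
    allowed = {clients[0].getsockname()}     # hosts.allow stand-in: only client 0
    checked = []

    def tcpd_check(peer):                    # hosts_access() stand-in
        checked.append(peer)
        return peer in allowed

    def daemon_answer(data, peer):           # in.tftpd replying from the same socket
        listener.sendto(b"DATA " + data, peer)

    # First datagram: inetd ('wait' service) -> tcpd -> in.tftpd hand-off.
    clients[0].sendto(b"RRQ config0", listener.getsockname())
    data, peer = listener.recvfrom(512)
    if tcpd_check(peer):
        daemon_answer(data, peer)
    # Later datagrams: the daemon still owns the socket, inetd never sees them.
    for c in clients[1:]:
        c.sendto(b"RRQ config1", listener.getsockname())
        data, peer = listener.recvfrom(512)
        if not daemon_rechecks or tcpd_check(peer):
            daemon_answer(data, peer)

    served = []
    for i, c in enumerate(clients):
        try:
            c.recvfrom(512)
            served.append(i)
        except socket.timeout:
            pass                             # no reply: request was refused
    for s in [listener] + clients:
        s.close()
    return served, checked

if __name__ == "__main__":
    print("tcpd once at spawn:", serve(daemon_rechecks=False))
    print("check per request :", serve(daemon_rechecks=True))
```

With daemon_rechecks=False the second, unlisted client is served although tcpd was consulted only once; re-running the check for every datagram inside the daemon is what closes the gap.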



This archive was generated by hypermail 2.1.7 : Wed Apr 09 2008 - 23:28:01 EDT