9fans - fans of the OS Plan 9 from Bell Labs
* [9fans] tftpd vs assumptions about user none? (to have or have not home dir)
From: Axel Belinfante @ 2005-01-26 15:53 UTC
  To: Fans of the OS Plan 9 from Bell Labs

I noticed that because I had a /usr/none directory  (*)
tftpd would try to serve relative file name requests
from /usr/none instead of from /lib/tftpd.

the reason is that tftpd first does a chdir
and only later (via setuser()) a newns("none", nil)
which in my case unfortunately succeeded to cd to /usr/none
(because that directory existed, see below (*) until I
 removed it recently)

so,
a) what are the assumptions about none ?
   should not have home dir, I guess,
   other places where that matters?
   other issues?
b) would it make sense to make tftpd a bit
   more robust in this respect?
   It's probably worth noting, though, that
   I saw that in a recent tftpd.c the setuser()
   call was moved even `later' in the tftpd code,
   such that each session (via doserve()) gets its
   own clean namespace
   from which I gather that moving setuser() _up_
   in the code till before (earlier than) the chdir
   call is likely a bad idea... 
   
Comments welcome, just trying to learn,
Axel.

(*) I added it myself (summer 2003 - history rocks :-)
and I don't remember why :-(




* Re: [9fans] tftpd vs assumptions about user none? (to have or have not home dir)
From: arisawa @ 2005-01-27  1:38 UTC
  To: Fans of the OS Plan 9 from Bell Labs

Hello

I examined tftpd.

The current source code, tftpd.c, is in this order:
	chdir(dir) -> listen ->  setuser()
But I suspect the distributed binary:
	term% ls -l /n/sources/plan9/386/bin/ip/tftpd
	--rwxrwxr-x M 105 glenda sys 129444 Dec 27 13:33 /n/sources/plan9/386/bin/ip/tftpd
	term% sum /n/sources/plan9/386/bin/ip/tftpd
	ec968664 129444 /n/sources/plan9/386/bin/ip/tftpd
is not in this order, because
	term% ps
	...
	none            766    0:00   0:00     144K Open     tftpd
	..
If we compile the source that should be
	term% ps
	...
	arisawa         722    0:00   0:00     120K Open     8.tftpd
	...

I am uneasy if tftpd is running as hostowner,
because that can create a security problem.
Therefore I hope tftpd.c is coded in this order:
	setuser() -> listen ->  chdir(dir)

I want further...
1. read only option
2. name space configuration

Kenji Arisawa




* Re: [9fans] tftpd vs assumptions about user none? (to have or have
From: Sape Mullender @ 2005-01-27  2:21 UTC
  To: 9fans

> I examined tftpd.
> 
> Current source code tftpd.c is this order:
> 	chdir(dir) -> listen ->  setuser()
> But I suspect distributed binary:

Nicely spotted!  I changed that code because, although it runs
fine on a cpu, it doesn't seem to work in a terminal.  Now the
setuser happens after the listen completes but before any of
the work is done.  I had presotto and ehg look at it and they
both believe it's safe the way it is now.  In other words, the
process becomes none before it opens any files.

	Sape
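
The ordering question in this thread, as an added example that is not part of any poster's message and is not tftpd's code: a small C model of the behaviour the first message reports, where the namespace setup done via setuser() ends with a cd to /usr/<user> that only takes effect when that directory exists. The names model_chdir, model_setuser and serve_dir and the directory list are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Constructed model, not tftpd.c: a directory list stands in for the file tree. */
struct fs { const char *dirs[3]; int ndirs; };
struct proc { char cwd[64]; };

static int dir_exists(const struct fs *fs, const char *path) {
    for (int i = 0; i < fs->ndirs; i++)
        if (strcmp(fs->dirs[i], path) == 0) return 1;
    return 0;
}

/* chdir: on failure the working directory is left unchanged. */
static int model_chdir(struct proc *p, const struct fs *fs, const char *dir) {
    if (!dir_exists(fs, dir)) return -1;
    snprintf(p->cwd, sizeof p->cwd, "%s", dir);
    return 0;
}

/* Modelled setuser()/newns(): become `user`, then try cd /usr/<user>.
 * Assumption: a failed cd is ignored, so the earlier cwd survives. */
static void model_setuser(struct proc *p, const struct fs *fs, const char *user) {
    char home[64];
    snprintf(home, sizeof home, "/usr/%s", user);
    (void)model_chdir(p, fs, home);
}

enum order { CHDIR_THEN_SETUSER, SETUSER_THEN_CHDIR };

/* Directory that a relative request name ends up resolved against. */
const char *serve_dir(enum order o, int none_has_home) {
    static struct proc p;
    struct fs fs = { { "/", "/lib/tftpd", "/usr/none" }, none_has_home ? 3 : 2 };
    snprintf(p.cwd, sizeof p.cwd, "/");
    if (o == CHDIR_THEN_SETUSER) {
        model_chdir(&p, &fs, "/lib/tftpd");
        model_setuser(&p, &fs, "none");   /* may silently move cwd */
    } else {
        model_setuser(&p, &fs, "none");
        model_chdir(&p, &fs, "/lib/tftpd");
    }
    return p.cwd;
}

int main(void) {
    for (int home = 0; home <= 1; home++)
        for (int o = 0; o <= 1; o++)
            printf("order=%d home=%d -> %s\n", o, home, serve_dir((enum order)o, home));
    return 0;
}
```

In this model only the chdir-then-setuser ordering depends on whether /usr/none exists; entering the serving directory after the user switch gives the same result either way.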
	


