[syslinux] tftpd-hpa suggestions
Baurjan Ismagulov
ibr at ata.cs.hun.edu.tr
Tue Jan 13 06:52:48 PST 2004
Hello, Peter and others!
there are some issues regarding the tftp-hpa server:
1. Running as Windows service seems to require that the application does
not detach (otherwise "net start" says smth. like "could not start,
the service didn't report any errors").
The attached patch adds the option "-n", which can be used to have
tftpd run in foreground.
2. By default, tftpd tries to drop privileges. Under Windows, this
requires:
* creation of user "nobody", not present by default;
* granting special privileges to the user running the daemon (the
default choice is "SYSTEM" if run as a service) -- namely, running
processes as another user without giving the password (smth.
similar to SUID).
This leads to the following problems:
* I don't see much sense in granting powerful privileges in order to
immediately drop them.
* According to one of the leading cygwin developers, this would not
work under Windows 2003 since the system drops these privileges
automatically before starting the service
(http://marc.theaimsgroup.com/?l=cygwin&m=107003209905031&w=2).
That is why it was recommended to me to use the daemon without
switching to nobody. In order to further minimize the risk, one can
run the service as some special user, created specifically for that
purpose.
The attached patch #ifdefs the relevant code -- I didn't implement it
as an option since I couldn't imagine a scenario where one could need
it as an option.
3. The server seems to have at least one command line syntax example
where the directory name is not required. I have changed the man page
accordingly.
I suggest to include these changes in the distribution. What do you
think?
With kind regards,
Baurjan.
More information about the Syslinux
mailing list