On Fri, May 17, 2019 at 5:08 PM Orion Poplawski <[email protected]> wrote:
> Probably related:
>
> --tftp-secure
>        Enable TFTP secure mode: without this, any file which is
>        readable by the dnsmasq process under normal unix
>        access-control rules is available via TFTP. When the
>        --tftp-secure flag is given, only files owned by the user
>        running the dnsmasq process are accessible. If dnsmasq is
>        being run as root, different rules apply: --tftp-secure has
>        no effect, but only files which have the world-readable bit
>        set are accessible. It is not recommended to run dnsmasq as
>        root with TFTP enabled, and certainly not without specifying
>        --tftp-root. Doing so can expose any world-readable file on
>        the server to any host on the net.

Just read and sent the same :)

> I'm still surprised it made a difference starting it by hand or by systemd.

+1

dnsmasq runs as "nobody" if "/etc/dnsmasq.conf" doesn't have "user=foo" or dnsmasq isn't started with "--user=foo" (or "-u foo").
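The access rules in the quoted man page text, modelled as an added example that is not part of the original message and is not dnsmasq's own code. The uid/gid numbers and file entries are constructed, and the model ignores ACLs, directory permissions and --tftp-root.

```python
import stat
from dataclasses import dataclass

NOBODY = 65534  # constructed uid/gid for the "nobody" account


@dataclass
class FileMeta:
    """Constructed stand-in for the owner and mode bits os.stat() reports."""
    uid: int
    gid: int
    mode: int


def unix_readable(f, uid, gids):
    """Classic owner/group/other read check for a non-root process."""
    if f.uid == uid:
        return bool(f.mode & stat.S_IRUSR)
    if f.gid in gids:
        return bool(f.mode & stat.S_IRGRP)
    return bool(f.mode & stat.S_IROTH)


def tftp_would_serve(f, run_uid, run_gids, tftp_secure):
    """Apply the three cases the man page describes for --tftp-secure."""
    if run_uid == 0:
        # Running as root: --tftp-secure has no effect and only files
        # with the world-readable bit set are accessible.
        return bool(f.mode & stat.S_IROTH)
    if tftp_secure:
        # Secure mode: the file must be owned by the dnsmasq user
        # (and that user still needs read permission to open it).
        return f.uid == run_uid and unix_readable(f, run_uid, run_gids)
    # Default: anything the dnsmasq user can read is served.
    return unix_readable(f, run_uid, run_gids)


# Constructed sample files
BOOT_IMAGE = FileMeta(uid=0, gid=0, mode=0o644)            # root-owned, world-readable
BOOT_CFG = FileMeta(uid=NOBODY, gid=NOBODY, mode=0o600)    # owned by the dnsmasq user
PRIVATE = FileMeta(uid=0, gid=42, mode=0o640)              # root-owned, not world-readable

if __name__ == "__main__":
    for name, f in [("boot image", BOOT_IMAGE), ("boot cfg", BOOT_CFG), ("private", PRIVATE)]:
        for uid, secure in [(NOBODY, False), (NOBODY, True), (0, True)]:
            served = tftp_would_serve(f, uid, {uid}, secure)
            print(f"{name:10} uid={uid:<5} tftp_secure={secure!s:5} served={served}")
```
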
