[Touch-packages] [Bug 1862157] Re: dnsmasq does in all cases prepend "tftp_root" to tftp-bootfiles
Changing the behavior in Ubuntu only would only break plenty of scripts automation and expectations. I (personally) agree to Simon who also is "the upstream" on this that it is a security feature and people can still (if preferred) just not set it. I have read the answer twice but don't really (sorry) see the pain point which is made harder by this. Feel free to convince Simon and I guess Ubuntu is happy to follow on this whatever upstream decides to do. ** Changed in: dnsmasq (Ubuntu) Status: New => Confirmed ** Changed in: dnsmasq (Ubuntu) Importance: Undecided => Wishlist -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to dnsmasq in Ubuntu. https://bugs.launchpad.net/bugs/1862157 Title: dnsmasq does in all cases prepend "tftp_root" to tftp-bootfiles Status in dnsmasq package in Ubuntu: Confirmed Bug description: dnsmasq does in all cases prepend "tftp_root" to tftp-files. tftp-root=/data/tftp dhcp-boot=grub/i386-pc/core.0 now have some config files for different subnets: dhcp-boot=net:172-18-1,grub/i386-pc/core.0,172.18.1.1 dhcp-boot=net:172-18-8,pxelinux.0,172.18.8.1 dhcp-boot=net:172-18-7,/var/lib/tftpboot/pxelinux.0,spacewalk-ber.bfs.de Now booting clients within subnet 172.18.1.0/24 will boot grub with: /data/tftp/grub/i386-pc/core.0 Booting clients within subnet 172.18.2.0/24 will boot pxelinux.0 with: /data/tftp/pxelinux.0 And in subnet 172.18.7.0/24 clients will boot with: /data/tftp/var/lib/tftpboot/pxelinux.0 and return a "File not found" error. I'd expected: 172.18.1: grub/i386-pc/core.0 (file found within /data/tftp -- without exposing path) 172.18.2: pxelinux.0(file found within /data/tftp -- without exposing path) 172.18.3: /pxelinux.0 (file found within /) 172.18.7: /var/lib/tftpboot/pxelinux.0 (file found within /var/lib/tftpboot/pxelinux.0) or even better: some way to set tftp-root for every subnet-config and having only relative paths to access files regardless of giving absolute or relative paths. ProblemType: Bug DistroRelease: Ubuntu 18.04 Package: dnsmasq 2.79-1 ProcVersionSignature: Ubuntu 4.15.0-87.87-generic 4.15.18 Uname: Linux 4.15.0-87-generic x86_64 ApportVersion: 2.20.9-0ubuntu7.10 Architecture: amd64 Date: Thu Feb 6 11:43:07 2020 InstallationDate: Installed on 2014-01-31 (2197 days ago) InstallationMedia: Ubuntu-Server 13.10 "Saucy Salamander" - Release amd64 (20131016) PackageArchitecture: all ProcEnviron: TERM=xterm PATH=(custom, no user) XDG_RUNTIME_DIR= LANG=de_DE.UTF-8 SHELL=/bin/bash SourcePackage: dnsmasq UpgradeStatus: Upgraded to bionic on 2018-11-23 (439 days ago) mtime.conffile..etc.default.dnsmasq: 2014-02-19T17:19:28.429595 mtime.conffile..etc.dnsmasq.conf: 2016-08-17T12:18:41.225353 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/dnsmasq/+bug/1862157/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1862157] Re: dnsmasq does in all cases prepend "tftp_root" to tftp-bootfiles
Thank you for taking the time to report this bug and helping to make Ubuntu better. I appreciate the quality of this bug report and I'm sure it'll be helpful to others to find this discussion if they are experiencing the same issue. This sounds like an upstream bug to me. I have checked the latest upstream and there isn't a new option around that topic available that Ubuntu could add. The best route to getting it fixed in Ubuntu in this case would be to file an upstream bug if you're able to do that. Otherwise, I'm not sure what we can do directly in Ubuntu to fix the problem. If you do end up filing an upstream bug/discussion, please link to it from here. Thanks! -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to dnsmasq in Ubuntu. https://bugs.launchpad.net/bugs/1862157 Title: dnsmasq does in all cases prepend "tftp_root" to tftp-bootfiles Status in dnsmasq package in Ubuntu: New Bug description: dnsmasq does in all cases prepend "tftp_root" to tftp-files. tftp-root=/data/tftp dhcp-boot=grub/i386-pc/core.0 now have some config files for different subnets: dhcp-boot=net:172-18-1,grub/i386-pc/core.0,172.18.1.1 dhcp-boot=net:172-18-8,pxelinux.0,172.18.8.1 dhcp-boot=net:172-18-7,/var/lib/tftpboot/pxelinux.0,spacewalk-ber.bfs.de Now booting clients within subnet 172.18.1.0/24 will boot grub with: /data/tftp/grub/i386-pc/core.0 Booting clients within subnet 172.18.2.0/24 will boot pxelinux.0 with: /data/tftp/pxelinux.0 And in subnet 172.18.7.0/24 clients will boot with: /data/tftp/var/lib/tftpboot/pxelinux.0 and return a "File not found" error. I'd expected: 172.18.1: grub/i386-pc/core.0 (file found within /data/tftp -- without exposing path) 172.18.2: pxelinux.0(file found within /data/tftp -- without exposing path) 172.18.3: /pxelinux.0 (file found within /) 172.18.7: /var/lib/tftpboot/pxelinux.0 (file found within /var/lib/tftpboot/pxelinux.0) or even better: some way to set tftp-root for every subnet-config and having only relative paths to access files regardless of giving absolute or relative paths. ProblemType: Bug DistroRelease: Ubuntu 18.04 Package: dnsmasq 2.79-1 ProcVersionSignature: Ubuntu 4.15.0-87.87-generic 4.15.18 Uname: Linux 4.15.0-87-generic x86_64 ApportVersion: 2.20.9-0ubuntu7.10 Architecture: amd64 Date: Thu Feb 6 11:43:07 2020 InstallationDate: Installed on 2014-01-31 (2197 days ago) InstallationMedia: Ubuntu-Server 13.10 "Saucy Salamander" - Release amd64 (20131016) PackageArchitecture: all ProcEnviron: TERM=xterm PATH=(custom, no user) XDG_RUNTIME_DIR= LANG=de_DE.UTF-8 SHELL=/bin/bash SourcePackage: dnsmasq UpgradeStatus: Upgraded to bionic on 2018-11-23 (439 days ago) mtime.conffile..etc.default.dnsmasq: 2014-02-19T17:19:28.429595 mtime.conffile..etc.dnsmasq.conf: 2016-08-17T12:18:41.225353 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/dnsmasq/+bug/1862157/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1862157] Re: dnsmasq does in all cases prepend "tftp_root" to tftp-bootfiles
Hi Thomas, as you already described yourself if you set in /etc/dnsmasq.conf tftp-root=/ then all paths you provide in per subnet config would work if each of them were added as absolute path. This works as-is without any change to the package. `tftp-root` is defined as: --tftp-root=[,] Look for files to transfer using TFTP relative to the given directory. When this is set, TFTP paths which include ".." are rejected, to stop clients getting outside the specified root. Absolute paths (starting with /) are allowed, but they must be within the tftp-root. If the optional interface argument is given, the directory is only used for TFTP requests via that interface. Your example violates the "paths starting with / ... must be within the tftp-root" which is why it won't work. You could also just "not at all" set `tftp-root` as it is mostly a security feature to not serve something you'd never want to be served. You can even do "per IP paths" in between with tftp-root + --tftp- unique-root - see the manpage for more details. If all those config options aren't enough this is more a feature request to dnsmasq than a bug in Ubuntu. Go to [1] for that if you like to do so. [1]: http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to dnsmasq in Ubuntu. https://bugs.launchpad.net/bugs/1862157 Title: dnsmasq does in all cases prepend "tftp_root" to tftp-bootfiles Status in dnsmasq package in Ubuntu: New Bug description: dnsmasq does in all cases prepend "tftp_root" to tftp-files. tftp-root=/data/tftp dhcp-boot=grub/i386-pc/core.0 now have some config files for different subnets: dhcp-boot=net:172-18-1,grub/i386-pc/core.0,172.18.1.1 dhcp-boot=net:172-18-8,pxelinux.0,172.18.8.1 dhcp-boot=net:172-18-7,/var/lib/tftpboot/pxelinux.0,spacewalk-ber.bfs.de Now booting clients within subnet 172.18.1.0/24 will boot grub with: /data/tftp/grub/i386-pc/core.0 Booting clients within subnet 172.18.2.0/24 will boot pxelinux.0 with: /data/tftp/pxelinux.0 And in subnet 172.18.7.0/24 clients will boot with: /data/tftp/var/lib/tftpboot/pxelinux.0 and return a "File not found" error. I'd expected: 172.18.1: grub/i386-pc/core.0 (file found within /data/tftp -- without exposing path) 172.18.2: pxelinux.0(file found within /data/tftp -- without exposing path) 172.18.3: /pxelinux.0 (file found within /) 172.18.7: /var/lib/tftpboot/pxelinux.0 (file found within /var/lib/tftpboot/pxelinux.0) or even better: some way to set tftp-root for every subnet-config and having only relative paths to access files regardless of giving absolute or relative paths. ProblemType: Bug DistroRelease: Ubuntu 18.04 Package: dnsmasq 2.79-1 ProcVersionSignature: Ubuntu 4.15.0-87.87-generic 4.15.18 Uname: Linux 4.15.0-87-generic x86_64 ApportVersion: 2.20.9-0ubuntu7.10 Architecture: amd64 Date: Thu Feb 6 11:43:07 2020 InstallationDate: Installed on 2014-01-31 (2197 days ago) InstallationMedia: Ubuntu-Server 13.10 "Saucy Salamander" - Release amd64 (20131016) PackageArchitecture: all ProcEnviron: TERM=xterm PATH=(custom, no user) XDG_RUNTIME_DIR= LANG=de_DE.UTF-8 SHELL=/bin/bash SourcePackage: dnsmasq UpgradeStatus: Upgraded to bionic on 2018-11-23 (439 days ago) mtime.conffile..etc.default.dnsmasq: 2014-02-19T17:19:28.429595 mtime.conffile..etc.dnsmasq.conf: 2016-08-17T12:18:41.225353 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/dnsmasq/+bug/1862157/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1862157] Re: dnsmasq does in all cases prepend "tftp_root" to tftp-bootfiles
Simplest thing would be: tftp-root sets the tftp-root directory: /data/tftp -> / or: /var/lib/tftpboot -> / Whatever is done is relative to this. tftp-root is then NEVER prepended to any file given for tftp retrival. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to dnsmasq in Ubuntu. https://bugs.launchpad.net/bugs/1862157 Title: dnsmasq does in all cases prepend "tftp_root" to tftp-bootfiles Status in dnsmasq package in Ubuntu: New Bug description: dnsmasq does in all cases prepend "tftp_root" to tftp-files. tftp-root=/data/tftp dhcp-boot=grub/i386-pc/core.0 now have some config files for different subnets: dhcp-boot=net:172-18-1,grub/i386-pc/core.0,172.18.1.1 dhcp-boot=net:172-18-8,pxelinux.0,172.18.8.1 dhcp-boot=net:172-18-7,/var/lib/tftpboot/pxelinux.0,spacewalk-ber.bfs.de Now booting clients within subnet 172.18.1.0/24 will boot grub with: /data/tftp/grub/i386-pc/core.0 Booting clients within subnet 172.18.2.0/24 will boot pxelinux.0 with: /data/tftp/pxelinux.0 And in subnet 172.18.7.0/24 clients will boot with: /data/tftp/var/lib/tftpboot/pxelinux.0 and return a "File not found" error. I'd expected: 172.18.1: grub/i386-pc/core.0 (file found within /data/tftp -- without exposing path) 172.18.2: pxelinux.0(file found within /data/tftp -- without exposing path) 172.18.3: /pxelinux.0 (file found within /) 172.18.7: /var/lib/tftpboot/pxelinux.0 (file found within /var/lib/tftpboot/pxelinux.0) or even better: some way to set tftp-root for every subnet-config and having only relative paths to access files regardless of giving absolute or relative paths. ProblemType: Bug DistroRelease: Ubuntu 18.04 Package: dnsmasq 2.79-1 ProcVersionSignature: Ubuntu 4.15.0-87.87-generic 4.15.18 Uname: Linux 4.15.0-87-generic x86_64 ApportVersion: 2.20.9-0ubuntu7.10 Architecture: amd64 Date: Thu Feb 6 11:43:07 2020 InstallationDate: Installed on 2014-01-31 (2197 days ago) InstallationMedia: Ubuntu-Server 13.10 "Saucy Salamander" - Release amd64 (20131016) PackageArchitecture: all ProcEnviron: TERM=xterm PATH=(custom, no user) XDG_RUNTIME_DIR= LANG=de_DE.UTF-8 SHELL=/bin/bash SourcePackage: dnsmasq UpgradeStatus: Upgraded to bionic on 2018-11-23 (439 days ago) mtime.conffile..etc.default.dnsmasq: 2014-02-19T17:19:28.429595 mtime.conffile..etc.dnsmasq.conf: 2016-08-17T12:18:41.225353 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/dnsmasq/+bug/1862157/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp