Re: [Touch-packages] [Bug 1862157] [NEW] dnsmasq does in all cases prepend "tftp_root" to tftp-bootfiles

2020-02-10 Thread Thomas Schweikle
Assume the following:

/
/data
/data/tftp
/data/tftp/grub
/data/tftp/pxe

tftp on some client:
tftp-root unset:
tftp grub/grub.0 -> file not found
tftp /grub/grub.0 -> file not found
tftp data/tftp/grub/grub.0 -> loads grub.
tftp /data/tftp/grub/grub.0 -> loads grub.

tftp-root=/data/tftp -- this prepends tftp-root to all paths given:
tftp grub/grub.0 -> /data/tftp/grub/grub.0 -> loads grub.
tftp /grub/grub.0 -> /data/tftp/grub/grub.0 -> loads grub
tftp data/tftp/grub/grub.0 -> /data/tftp/data/tftp/grub/grub.0 -> file not found
tftp /data/tftp/grub/grub.0 -> /data/tftp/data/tftp/grub/grub.0 -> file not found

This way tftp in dnsmasq exposes what directory the tftp files reside in. I'd
expected it to act, if tftp-root is set, as:
tftp grub/grub.0 -> grub/grub.0 -> loads grub.
tftp /grub/grub.0 -> grub/grub.0 -> loads grub
tftp data/tftp/grub/grub.0 -> data/tftp/grub/grub.0 -> file not found
tftp /data/tftp/grub/grub.0 -> /data/tftp/grub/grub.0 -> file not found

Thus meaning tftp-root acts like chroot, making tftp clients see the set
tftp-root as the root of the filesystem, not as a forced path into a
filesystem. How dnsmasq handles tftp-root makes it difficult to have further
software have correct paths to boot operating systems, because dnsmasq tftp
hands back full paths which may never be available to nfs or smb based remote
boots.




On Fri, Feb 7, 2020 at 10:25 PM Simon Kelley wrote:

> tftp-root is a security feature. The tftp protocol is entirely
> unauthenticated, and if a request was allowed to go outside the
> specified root directory, then that effectively makes all readable files
> on the host available for internet-wide access, which is not generally
> desirable. If you want TFTP to be able to access any file on the
> machine, don't set a tftp-root.
>
>
> Simon.
>
>
> On 06/02/2020 11:02, Thomas Schweikle wrote:
> > Public bug reported:
> >
> > dnsmasq does in all cases prepend "tftp_root" to tftp-files.
> >
> > tftp-root=/data/tftp
> > dhcp-boot=grub/i386-pc/core.0
> >
> > now have some config files for different subnets:
> > dhcp-boot=net:172-18-1,grub/i386-pc/core.0,172.18.1.1
> > dhcp-boot=net:172-18-8,pxelinux.0,172.18.8.1
> > dhcp-boot=net:172-18-7,/var/lib/tftpboot/pxelinux.0,spacewalk-ber.bfs.de
> >
> > Now booting clients within subnet 172.18.1.0/24 will boot grub with:
> > /data/tftp/grub/i386-pc/core.0
> >
> > Booting clients within subnet 172.18.2.0/24 will boot pxelinux.0 with:
> > /data/tftp/pxelinux.0
> >
> > And in subnet 172.18.7.0/24 clients will boot with:
> > /data/tftp/var/lib/tftpboot/pxelinux.0
> >
> > and return a "File not found" error.
> >
> > I'd expected:
> > 172.18.1: grub/i386-pc/core.0   (file found within /data/tftp -- without exposing path)
> > 172.18.2: pxelinux.0   (file found within /data/tftp -- without exposing path)
> > 172.18.3: /pxelinux.0   (file found within /)
> > 172.18.7: /var/lib/tftpboot/pxelinux.0  (file found within /var/lib/tftpboot/pxelinux.0)
> >
> > or even better: some way to set tftp-root for every subnet-config and
> > having only relative paths to access files regardless of giving absolute
> > or relative paths.
> >
> > ProblemType: Bug
> > DistroRelease: Ubuntu 18.04
> > Package: dnsmasq 2.79-1
> > ProcVersionSignature: Ubuntu 4.15.0-87.87-generic 4.15.18
> > Uname: Linux 4.15.0-87-generic x86_64
> > ApportVersion: 2.20.9-0ubuntu7.10
> > Architecture: amd64
> > Date: Thu Feb  6 11:43:07 2020
> > InstallationDate: Installed on 2014-01-31 (2197 days ago)
> > InstallationMedia: Ubuntu-Server 13.10 "Saucy Salamander" - Release amd64 (20131016)
> > PackageArchitecture: all
> > ProcEnviron:
> >  TERM=xterm
> >  PATH=(custom, no user)
> >  XDG_RUNTIME_DIR=
> >  LANG=de_DE.UTF-8
> >  SHELL=/bin/bash
> > SourcePackage: dnsmasq
> > UpgradeStatus: Upgraded to bionic on 2018-11-23 (439 days ago)
> > mtime.conffile..etc.default.dnsmasq: 2014-02-19T17:19:28.429595
> > mtime.conffile..etc.dnsmasq.conf: 2016-08-17T12:18:41.225353
> >
> > ** Affects: dnsmasq (Ubuntu)
> >  Importance: Undecided
> >  Status: New
> >
> >
> > ** Tags: amd64 apport-bug bionic
> >
>
> --
> You received this bug notification because you are subscribed to the bug
> report.
> https://bugs.launchpad.net/bugs/1862157
>
> Title:
>   dnsmasq does in all cases prepend "tftp_root" to tftp-bootfiles
>
> To manage notifications about this bug go to:
>
> https://bugs.launchpad.net/ubuntu/+source/dnsmasq/+bug/1862157/+subscriptions
>


-- 
Thomas

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to dnsmasq in Ubuntu.
https://bugs.launchpad.net/bugs/1862157

Title:
  dnsmasq does in all cases prepend "tftp_root" to tftp-bootfiles

Status in dnsmasq package in Ubuntu:
  New
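
The mapping tabulated in the message above, together with the confinement Simon Kelley describes in the quoted reply, as an added example (not part of the thread and not dnsmasq's code). It assumes a model in which the root is prepended to every requested name; the function names, the temporary directory layout and the extra "../../outside.txt" and "link" requests are constructed for illustration.

```python
import os
import tempfile

def resolve_under_root(root, requested):
    """Return the real path a request maps to, or None if it leaves root."""
    root_real = os.path.realpath(root)
    # The root is prepended to every name, so a leading "/" never means the
    # host's "/" (assumed model of the behaviour reported in the thread).
    joined = os.path.join(root_real, requested.lstrip("/"))
    # realpath collapses ".." and follows symlinks before the comparison.
    candidate = os.path.realpath(joined)
    if os.path.commonpath([root_real, candidate]) != root_real:
        return None
    return candidate

def outcome(root, requested):
    """Classify a request as 'served', 'not found' or 'rejected'."""
    path = resolve_under_root(root, requested)
    if path is None:
        return "rejected"
    return "served" if os.path.isfile(path) else "not found"

def build_sample_tree(base):
    """Constructed layout: <base>/data/tftp/grub/grub.0 and a file outside it."""
    root = os.path.join(base, "data", "tftp")
    os.makedirs(os.path.join(root, "grub"))
    with open(os.path.join(root, "grub", "grub.0"), "w") as fh:
        fh.write("constructed boot image")
    outside = os.path.join(base, "outside.txt")
    with open(outside, "w") as fh:
        fh.write("not for TFTP clients")
    # A symlink inside the root that points outside it.
    os.symlink(outside, os.path.join(root, "link"))
    return root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as base:
        root = build_sample_tree(base)
        for name in ("grub/grub.0", "/grub/grub.0", "data/tftp/grub/grub.0",
                     "/data/tftp/grub/grub.0", "../../outside.txt", "link"):
            print(f"{name:26} -> {outcome(root, name)}")
```

The comparison is done on resolved paths, so a name that reaches outside the root through ".." or through a symlink is rejected rather than reported as missing.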

Re: [Touch-packages] [Bug 1862157] [NEW] dnsmasq does in all cases prepend "tftp_root" to tftp-bootfiles

2020-02-07 Thread Simon Kelley
tftp-root is a security feature. The tftp protocol is entirely
unauthenticated, and if a request was allowed to go outside the
specified root directory, then that effectively makes all readable files
on the host available for internet-wide access, which is not generally
desirable. If you want TFTP to be able to access any file on the
machine, don't set a tftp-root.


Simon.


On 06/02/2020 11:02, Thomas Schweikle wrote:
> Public bug reported:
> 
> dnsmasq does in all cases prepend "tftp_root" to tftp-files.
> 
> tftp-root=/data/tftp
> dhcp-boot=grub/i386-pc/core.0
> 
> now have some config files for different subnets:
> dhcp-boot=net:172-18-1,grub/i386-pc/core.0,172.18.1.1
> dhcp-boot=net:172-18-8,pxelinux.0,172.18.8.1
> dhcp-boot=net:172-18-7,/var/lib/tftpboot/pxelinux.0,spacewalk-ber.bfs.de
> 
> Now booting clients within subnet 172.18.1.0/24 will boot grub with:
> /data/tftp/grub/i386-pc/core.0
> 
> Booting clients within subnet 172.18.2.0/24 will boot pxelinux.0 with:
> /data/tftp/pxelinux.0
> 
> And in subnet 172.18.7.0/24 clients will boot with:
> /data/tftp/var/lib/tftpboot/pxelinux.0
> 
> and return a "File not found" error.
> 
> I'd expected:
> 172.18.1: grub/i386-pc/core.0   (file found within /data/tftp -- without exposing path)
> 172.18.2: pxelinux.0   (file found within /data/tftp -- without exposing path)
> 172.18.3: /pxelinux.0   (file found within /)
> 172.18.7: /var/lib/tftpboot/pxelinux.0  (file found within /var/lib/tftpboot/pxelinux.0)
> 
> or even better: some way to set tftp-root for every subnet-config and
> having only relative paths to access files regardless of giving absolute
> or relative paths.
> 
> ProblemType: Bug
> DistroRelease: Ubuntu 18.04
> Package: dnsmasq 2.79-1
> ProcVersionSignature: Ubuntu 4.15.0-87.87-generic 4.15.18
> Uname: Linux 4.15.0-87-generic x86_64
> ApportVersion: 2.20.9-0ubuntu7.10
> Architecture: amd64
> Date: Thu Feb  6 11:43:07 2020
> InstallationDate: Installed on 2014-01-31 (2197 days ago)
> InstallationMedia: Ubuntu-Server 13.10 "Saucy Salamander" - Release amd64 (20131016)
> PackageArchitecture: all
> ProcEnviron:
>  TERM=xterm
>  PATH=(custom, no user)
>  XDG_RUNTIME_DIR=
>  LANG=de_DE.UTF-8
>  SHELL=/bin/bash
> SourcePackage: dnsmasq
> UpgradeStatus: Upgraded to bionic on 2018-11-23 (439 days ago)
> mtime.conffile..etc.default.dnsmasq: 2014-02-19T17:19:28.429595
> mtime.conffile..etc.dnsmasq.conf: 2016-08-17T12:18:41.225353
> 
> ** Affects: dnsmasq (Ubuntu)
>  Importance: Undecided
>  Status: New
> 
> 
> ** Tags: amd64 apport-bug bionic
>


[Touch-packages] [Bug 1862157] [NEW] dnsmasq does in all cases prepend "tftp_root" to tftp-bootfiles

2020-02-06 Thread Thomas Schweikle
Public bug reported:

dnsmasq does in all cases prepend "tftp_root" to tftp-files.

tftp-root=/data/tftp
dhcp-boot=grub/i386-pc/core.0

now have some config files for different subnets:
dhcp-boot=net:172-18-1,grub/i386-pc/core.0,172.18.1.1
dhcp-boot=net:172-18-8,pxelinux.0,172.18.8.1
dhcp-boot=net:172-18-7,/var/lib/tftpboot/pxelinux.0,spacewalk-ber.bfs.de

Now booting clients within subnet 172.18.1.0/24 will boot grub with:
/data/tftp/grub/i386-pc/core.0

Booting clients within subnet 172.18.2.0/24 will boot pxelinux.0 with:
/data/tftp/pxelinux.0

And in subnet 172.18.7.0/24 clients will boot with:
/data/tftp/var/lib/tftpboot/pxelinux.0

and return a "File not found" error.

I'd expected:
172.18.1: grub/i386-pc/core.0   (file found within /data/tftp -- without exposing path)
172.18.2: pxelinux.0   (file found within /data/tftp -- without exposing path)
172.18.3: /pxelinux.0   (file found within /)
172.18.7: /var/lib/tftpboot/pxelinux.0  (file found within /var/lib/tftpboot/pxelinux.0)

or even better: some way to set tftp-root for every subnet-config and
having only relative paths to access files regardless of giving absolute
or relative paths.

ProblemType: Bug
DistroRelease: Ubuntu 18.04
Package: dnsmasq 2.79-1
ProcVersionSignature: Ubuntu 4.15.0-87.87-generic 4.15.18
Uname: Linux 4.15.0-87-generic x86_64
ApportVersion: 2.20.9-0ubuntu7.10
Architecture: amd64
Date: Thu Feb  6 11:43:07 2020
InstallationDate: Installed on 2014-01-31 (2197 days ago)
InstallationMedia: Ubuntu-Server 13.10 "Saucy Salamander" - Release amd64 (20131016)
PackageArchitecture: all
ProcEnviron:
 TERM=xterm
 PATH=(custom, no user)
 XDG_RUNTIME_DIR=
 LANG=de_DE.UTF-8
 SHELL=/bin/bash
SourcePackage: dnsmasq
UpgradeStatus: Upgraded to bionic on 2018-11-23 (439 days ago)
mtime.conffile..etc.default.dnsmasq: 2014-02-19T17:19:28.429595
mtime.conffile..etc.dnsmasq.conf: 2016-08-17T12:18:41.225353

** Affects: dnsmasq (Ubuntu)
 Importance: Undecided
 Status: New


** Tags: amd64 apport-bug bionic

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp