tftp-root is a security feature. The tftp protocol is entirely unauthenticated, and if a request was allowed to go outside the specified root directory, than that effectively makes all readable files on the host available for internet-wide access, which is not generally desirable. If you want TFTP to be able to access any file on the machine, don't set a tftp-root.
Simon. On 06/02/2020 11:02, Thomas Schweikle wrote: > Public bug reported: > > dnsmasq does in all cases prepend "tftp_root" to tftp-files. > > tftp-root=/data/tftp > dhcp-boot=grub/i386-pc/core.0 > > now have some config files for different subnets: > dhcp-boot=net:172-18-1,grub/i386-pc/core.0,172.18.1.1 > dhcp-boot=net:172-18-8,pxelinux.0,172.18.8.1 > dhcp-boot=net:172-18-7,/var/lib/tftpboot/pxelinux.0,spacewalk-ber.bfs.de > > Now booting clients within subnet 172.18.1.0/24 will boot grub with: > /data/tftp/grub/i386-pc/core.0 > > Booting clients within subnet 172.18.2.0/24 will boot pxelinux.0 with: > /data/tftp/pxelinux.0 > > And in subnet 172.18.7.0/24 clients will boot with: > /data/tftp/var/lib/tftpboot/pxelinux.0 > > and return a "File not found" error. > > I'd expected: > 172.18.1: grub/i386-pc/core.0 (file found within /data/tftp -- > without exposing path) > 172.18.2: pxelinux.0 (file found within /data/tftp -- > without exposing path) > 172.18.3: /pxelinux.0 (file found within /) > 172.18.7: /var/lib/tftpboot/pxelinux.0 (file found within > /var/lib/tftpboot/pxelinux.0) > > or even better: some way to set tftp-root for every subnet-config and > having only relative paths to access files regardless of giving absolute > or relative paths. > > ProblemType: Bug > DistroRelease: Ubuntu 18.04 > Package: dnsmasq 2.79-1 > ProcVersionSignature: Ubuntu 4.15.0-87.87-generic 4.15.18 > Uname: Linux 4.15.0-87-generic x86_64 > ApportVersion: 2.20.9-0ubuntu7.10 > Architecture: amd64 > Date: Thu Feb 6 11:43:07 2020 > InstallationDate: Installed on 2014-01-31 (2197 days ago) > InstallationMedia: Ubuntu-Server 13.10 "Saucy Salamander" - Release amd64 > (20131016) > PackageArchitecture: all > ProcEnviron: > TERM=xterm > PATH=(custom, no user) > XDG_RUNTIME_DIR=<set> > LANG=de_DE.UTF-8 > SHELL=/bin/bash > SourcePackage: dnsmasq > UpgradeStatus: Upgraded to bionic on 2018-11-23 (439 days ago) > mtime.conffile..etc.default.dnsmasq: 2014-02-19T17:19:28.429595 > mtime.conffile..etc.dnsmasq.conf: 2016-08-17T12:18:41.225353 > > ** Affects: dnsmasq (Ubuntu) > Importance: Undecided > Status: New > > > ** Tags: amd64 apport-bug bionic > -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to dnsmasq in Ubuntu. https://bugs.launchpad.net/bugs/1862157 Title: dnsmasq does in all cases prepend "tftp_root" to tftp-bootfiles Status in dnsmasq package in Ubuntu: New Bug description: dnsmasq does in all cases prepend "tftp_root" to tftp-files. tftp-root=/data/tftp dhcp-boot=grub/i386-pc/core.0 now have some config files for different subnets: dhcp-boot=net:172-18-1,grub/i386-pc/core.0,172.18.1.1 dhcp-boot=net:172-18-8,pxelinux.0,172.18.8.1 dhcp-boot=net:172-18-7,/var/lib/tftpboot/pxelinux.0,spacewalk-ber.bfs.de Now booting clients within subnet 172.18.1.0/24 will boot grub with: /data/tftp/grub/i386-pc/core.0 Booting clients within subnet 172.18.2.0/24 will boot pxelinux.0 with: /data/tftp/pxelinux.0 And in subnet 172.18.7.0/24 clients will boot with: /data/tftp/var/lib/tftpboot/pxelinux.0 and return a "File not found" error. I'd expected: 172.18.1: grub/i386-pc/core.0 (file found within /data/tftp -- without exposing path) 172.18.2: pxelinux.0 (file found within /data/tftp -- without exposing path) 172.18.3: /pxelinux.0 (file found within /) 172.18.7: /var/lib/tftpboot/pxelinux.0 (file found within /var/lib/tftpboot/pxelinux.0) or even better: some way to set tftp-root for every subnet-config and having only relative paths to access files regardless of giving absolute or relative paths. ProblemType: Bug DistroRelease: Ubuntu 18.04 Package: dnsmasq 2.79-1 ProcVersionSignature: Ubuntu 4.15.0-87.87-generic 4.15.18 Uname: Linux 4.15.0-87-generic x86_64 ApportVersion: 2.20.9-0ubuntu7.10 Architecture: amd64 Date: Thu Feb 6 11:43:07 2020 InstallationDate: Installed on 2014-01-31 (2197 days ago) InstallationMedia: Ubuntu-Server 13.10 "Saucy Salamander" - Release amd64 (20131016) PackageArchitecture: all ProcEnviron: TERM=xterm PATH=(custom, no user) XDG_RUNTIME_DIR=<set> LANG=de_DE.UTF-8 SHELL=/bin/bash SourcePackage: dnsmasq UpgradeStatus: Upgraded to bionic on 2018-11-23 (439 days ago) mtime.conffile..etc.default.dnsmasq: 2014-02-19T17:19:28.429595 mtime.conffile..etc.dnsmasq.conf: 2016-08-17T12:18:41.225353 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/dnsmasq/+bug/1862157/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
