Assume the following:

/
/data
/data/tftp
/data/tftp/grub
/data/tftp/pxe

tftp on some client:
tftp-root unset:
tftp grub/grub.0 -> file not found
tftp /grub/grub.0 -> file not found
tftp data/tftp/grub/grub.0 -> loads grub.
tftp /data/tftp/grub/grub.0 -> loads grub.

tftp-root=/data/tftp -- this prepends tftp-root to all paths given:
tftp grub/grub.0 -> /data/tftp/grub/grub.0 -> loads grub.
tftp /grub/grub.0 -> /data/tftp/grub/grub.0 -> loads grub
tftp data/tftp/grub/grub.0 -> /data/tftp/data/tftp/grub/grub.0 -> file not found
tftp /data/tftp/grub/grub.0 -> /data/tftp/data/tftp/grub/grub.0 -> file not found

This way tftp in dnsmasq exposes what directory the tftp files reside in. I'd
expected it to act, if tftp-root is set, as:
tftp grub/grub.0 -> grub/grub.0 -> loads grub.
tftp /grub/grub.0 -> grub/grub.0 -> loads grub
tftp data/tftp/grub/grub.0 -> data/tftp/grub/grub.0 -> file not found
tftp /data/tftp/grub/grub.0 -> /data/tftp/grub/grub.0 -> file not found

Thus meaning tftp-root acts like chroot, making tftp clients see the set
tftp-root as the root of the filesystem, not as a forced path into a filesystem.
How dnsmasq handles tftp-root makes it difficult to have further software
have correct paths to boot operating systems, because dnsmasq tftp hands
back full paths which may never be available to nfs or smb based remote
boots.




On Fri, Feb 7, 2020 at 10:25 PM Simon Kelley <si...@thekelleys.org.uk>
wrote:

> tftp-root is a security feature. The tftp protocol is entirely
> unauthenticated, and if a request was allowed to go outside the
> specified root directory, then that effectively makes all readable files
> on the host available for internet-wide access, which is not generally
> desirable. If you want TFTP to be able to access any file on the
> machine, don't set a tftp-root.
>
>
> Simon.
>
>
> On 06/02/2020 11:02, Thomas Schweikle wrote:
> > Public bug reported:
> >
> > dnsmasq does in all cases prepend "tftp_root" to tftp-files.
> >
> > tftp-root=/data/tftp
> > dhcp-boot=grub/i386-pc/core.0
> >
> > now have some config files for different subnets:
> > dhcp-boot=net:172-18-1,grub/i386-pc/core.0,172.18.1.1
> > dhcp-boot=net:172-18-8,pxelinux.0,172.18.8.1
> > dhcp-boot=net:172-18-7,/var/lib/tftpboot/pxelinux.0,spacewalk-ber.bfs.de
> >
> > Now booting clients within subnet 172.18.1.0/24 will boot grub with:
> > /data/tftp/grub/i386-pc/core.0
> >
> > Booting clients within subnet 172.18.2.0/24 will boot pxelinux.0 with:
> > /data/tftp/pxelinux.0
> >
> > And in subnet 172.18.7.0/24 clients will boot with:
> > /data/tftp/var/lib/tftpboot/pxelinux.0
> >
> > and return a "File not found" error.
> >
> > I'd expected:
> > 172.18.1: grub/i386-pc/core.0           (file found within /data/tftp -- without exposing path)
> > 172.18.2: pxelinux.0                    (file found within /data/tftp -- without exposing path)
> > 172.18.3: /pxelinux.0                   (file found within /)
> > 172.18.7: /var/lib/tftpboot/pxelinux.0  (file found within /var/lib/tftpboot/pxelinux.0)
> >
> > or even better: some way to set tftp-root for every subnet-config and
> > having only relative paths to access files regardless of giving absolute
> > or relative paths.
> >
> > ProblemType: Bug
> > DistroRelease: Ubuntu 18.04
> > Package: dnsmasq 2.79-1
> > ProcVersionSignature: Ubuntu 4.15.0-87.87-generic 4.15.18
> > Uname: Linux 4.15.0-87-generic x86_64
> > ApportVersion: 2.20.9-0ubuntu7.10
> > Architecture: amd64
> > Date: Thu Feb  6 11:43:07 2020
> > InstallationDate: Installed on 2014-01-31 (2197 days ago)
> > InstallationMedia: Ubuntu-Server 13.10 "Saucy Salamander" - Release amd64 (20131016)
> > PackageArchitecture: all
> > ProcEnviron:
> >  TERM=xterm
> >  PATH=(custom, no user)
> >  XDG_RUNTIME_DIR=<set>
> >  LANG=de_DE.UTF-8
> >  SHELL=/bin/bash
> > SourcePackage: dnsmasq
> > UpgradeStatus: Upgraded to bionic on 2018-11-23 (439 days ago)
> > mtime.conffile..etc.default.dnsmasq: 2014-02-19T17:19:28.429595
> > mtime.conffile..etc.dnsmasq.conf: 2016-08-17T12:18:41.225353
> >
> > ** Affects: dnsmasq (Ubuntu)
> >      Importance: Undecided
> >          Status: New
> >
> >
> > ** Tags: amd64 apport-bug bionic
> >
>
> --
> You received this bug notification because you are subscribed to the bug
> report.
> https://bugs.launchpad.net/bugs/1862157
>
> Title:
>   dnsmasq does in all cases prepend "tftp_root" to tftp-bootfiles
>
> To manage notifications about this bug go to:
>
> https://bugs.launchpad.net/ubuntu/+source/dnsmasq/+bug/1862157/+subscriptions
>


-- 
Thomas


-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
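
The mapping discussed in this thread, as an added example that is not part of the original messages and is not dnsmasq's code. It resolves the same four request names with and without a root on a constructed copy of the directory layout, and also checks a `..` request and a symlink inside the root. The function name `resolve_tftp`, the `fs_root` parameter standing in for the host's `/`, and the containment check itself are assumptions made for illustration.

```python
import os
import tempfile

def resolve_tftp(request, tftp_root=None, fs_root="/"):
    """Return the real host path for a TFTP name, or None for "file not found".

    Root unset: the name is a path on the host (fs_root stands in for "/").
    Root set: the root is prepended to every name, absolute or relative, and
    the result must still lie under the root once ".." and symlinks resolve.
    """
    base = tftp_root if tftp_root is not None else fs_root
    # Strip leading slashes so an absolute request cannot replace the base.
    candidate = os.path.realpath(os.path.join(base, request.lstrip("/")))
    if tftp_root is not None:
        root = os.path.realpath(tftp_root)
        if os.path.commonpath([root, candidate]) != root:
            return None  # left the root through ".." or a symlink
    return candidate if os.path.isfile(candidate) else None

def demo():
    """Constructed tree mirroring the layout in the message; returns
    {name: (found with root unset, found with tftp-root=/data/tftp)}."""
    with tempfile.TemporaryDirectory() as host:
        host = os.path.realpath(host)
        root = os.path.join(host, "data", "tftp")
        os.makedirs(os.path.join(root, "grub"))
        os.makedirs(os.path.join(root, "pxe"))
        open(os.path.join(root, "grub", "grub.0"), "w").close()
        # A file outside the root, plus a symlink to it from inside the root.
        open(os.path.join(host, "secret"), "w").close()
        os.symlink(os.path.join(host, "secret"),
                   os.path.join(root, "pxe", "link"))
        names = ["grub/grub.0", "/grub/grub.0", "data/tftp/grub/grub.0",
                 "/data/tftp/grub/grub.0", "../../secret", "pxe/link"]
        return {n: (resolve_tftp(n, None, host) is not None,
                    resolve_tftp(n, root, host) is not None) for n in names}

if __name__ == "__main__":
    for name, (unset, rooted) in demo().items():
        print(f"{name:28} root unset: {unset!s:5}  root set: {rooted}")
```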
