Comment 5 for bug 1862157

Simon Kelley (simon-thekelleys) wrote : Re: [Bug 1862157] [NEW] dnsmasq does in all cases prepend "tftp_root" to tftp-bootfiles

tftp-root is a security feature. The tftp protocol is entirely
unauthenticated, and if a request was allowed to go outside the
specified root directory, then that effectively makes all readable files
on the host available for internet-wide access, which is not generally
desirable. If you want TFTP to be able to access any file on the
machine, don't set a tftp-root.

Simon.

On 06/02/2020 11:02, Thomas Schweikle wrote:
> Public bug reported:
>
> dnsmasq does in all cases prepend "tftp_root" to tftp-files.
>
> tftp-root=/data/tftp
> dhcp-boot=grub/i386-pc/core.0
>
> now have some config files for different subnets:
> dhcp-boot=net:172-18-1,grub/i386-pc/core.0,172.18.1.1
> dhcp-boot=net:172-18-8,pxelinux.0,172.18.8.1
> dhcp-boot=net:172-18-7,/var/lib/tftpboot/pxelinux.0,spacewalk-ber.bfs.de
>
> Now booting clients within subnet 172.18.1.0/24 will boot grub with:
> /data/tftp/grub/i386-pc/core.0
>
> Booting clients within subnet 172.18.2.0/24 will boot pxelinux.0 with:
> /data/tftp/pxelinux.0
>
> And in subnet 172.18.7.0/24 clients will boot with:
> /data/tftp/var/lib/tftpboot/pxelinux.0
>
> and return a "File not found" error.
>
> I'd expected:
> 172.18.1: grub/i386-pc/core.0 (file found within /data/tftp -- without exposing path)
> 172.18.2: pxelinux.0 (file found within /data/tftp -- without exposing path)
> 172.18.3: /pxelinux.0 (file found within /)
> 172.18.7: /var/lib/tftpboot/pxelinux.0 (file found within /var/lib/tftpboot/pxelinux.0)
>
> or even better: some way to set tftp-root for every subnet-config and
> having only relative paths to access files regardless of giving absolute
> or relative paths.
>
> ProblemType: Bug
> DistroRelease: Ubuntu 18.04
> Package: dnsmasq 2.79-1
> ProcVersionSignature: Ubuntu 4.15.0-87.87-generic 4.15.18
> Uname: Linux 4.15.0-87-generic x86_64
> ApportVersion: 2.20.9-0ubuntu7.10
> Architecture: amd64
> Date: Thu Feb 6 11:43:07 2020
> InstallationDate: Installed on 2014-01-31 (2197 days ago)
> InstallationMedia: Ubuntu-Server 13.10 "Saucy Salamander" - Release amd64 (20131016)
> PackageArchitecture: all
> ProcEnviron:
> TERM=xterm
> PATH=(custom, no user)
> XDG_RUNTIME_DIR=<set>
> LANG=de_DE.UTF-8
> SHELL=/bin/bash
> SourcePackage: dnsmasq
> UpgradeStatus: Upgraded to bionic on 2018-11-23 (439 days ago)
> mtime.conffile..etc.default.dnsmasq: 2014-02-19T17:19:28.429595
> mtime.conffile..etc.dnsmasq.conf: 2016-08-17T12:18:41.225353
>
> ** Affects: dnsmasq (Ubuntu)
> Importance: Undecided
> Status: New
>
>
> ** Tags: amd64 apport-bug bionic
>
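
The confinement described in the reply above, sketched as an added example (not dnsmasq's code and not part of the original message): every requested name is resolved beneath the root, and anything that ends up outside it is refused. The function names, the temporary tree standing in for `/data/tftp` and `/var/lib/tftpboot`, and the choice to also refuse symlinks that leave the root are assumptions of this example.

```python
import os
import tempfile


def resolve_under_root(root, requested):
    """Return the real path for a TFTP request, or None if it is refused.

    The request is always taken relative to root (a leading "/" is stripped),
    then ".." and symlinks are resolved before the containment check.
    """
    real_root = os.path.realpath(root)
    candidate = os.path.realpath(os.path.join(real_root, requested.lstrip("/")))
    if os.path.commonpath([real_root, candidate]) != real_root:
        return None  # ".." or a symlink led outside the root
    return candidate if os.path.isfile(candidate) else None


def demo():
    """Build a constructed tree and resolve the kinds of names in the report."""
    base = tempfile.mkdtemp()
    root = os.path.join(base, "data", "tftp")            # stands in for /data/tftp
    outside = os.path.join(base, "var", "lib", "tftpboot")
    os.makedirs(os.path.join(root, "grub", "i386-pc"))
    os.makedirs(outside)
    for path in (os.path.join(root, "grub", "i386-pc", "core.0"),
                 os.path.join(root, "pxelinux.0"),
                 os.path.join(outside, "pxelinux.0")):
        open(path, "w").close()
    os.symlink(outside, os.path.join(root, "link"))      # symlink out of the root
    requests = ["grub/i386-pc/core.0",
                "pxelinux.0",
                "/var/lib/tftpboot/pxelinux.0",          # absolute: re-rooted, not found
                "../../var/lib/tftpboot/pxelinux.0",     # traversal out of the root
                "link/pxelinux.0"]                       # symlink escape
    results = {}
    for name in requests:
        found = resolve_under_root(root, name)
        results[name] = os.path.relpath(found, os.path.realpath(root)) if found else None
    return results


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name!r:42} -> {result}")
```

The absolute name is looked up beneath the root and not found, matching the "File not found" result in the report, while the file of the same name outside the root stays unreachable.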