[Dnsmasq-discuss] TFTP server - write requests

Simon Kelley simon at thekelleys.org.uk
Tue Jan 12 13:59:06 GMT 2010


Bob Barnes wrote:
> Hello Simon et. al.
> 
> I am wondering how you feel about implementation of the OP_WRQ write 
> request in dnsmasq's TFTP server.
> 
> I'm using dnsmasq in my home network where it has already given several 
> years of trouble-free service. Amongst other things, I run a mythtv 
> system. One of my devices is based on minimyth, which allows a diskless 
> machine to be a myth box, and loads files with TFTP. All of this works 
> perfectly with dnsmasq, but minimyth also provides some features (e.g. 
> codec download) which need the TFTP write operation.
> 
> Was OP_WRQ something you've deliberately not implemented (for example 
> due to security, complexity or other concerns), is there generally not 
> enough need for it, or could it be added to the wish list?

The philosopy was to implement just enough of TFTP to do network boot, 
aiming for security and then simplicity. Hence no write operation: it's 
not needed for network booting, and it's not secure.

Apart from not being necessary, having write access when you're doing 
netboot is really quite scary: there's no authentication _at_all_ in the 
TFTP spec, so even when you limit the TFTP server to a small corner of 
the filesystem, any host on the network can replace your netboot images 
and trojan newly-booted machines from the outset.

If it were to be added it would have to disabled by default and anyone 
doing netboot could never switch it on unless they were very,very 
carefull to ensure that all the files needed for netboot were read-only 
to dnsmasq, and that no files could be created that might be used to 
netboot (think of the was PXELinux does a search of successively more 
general config files based the hosts MAC address and IP address.)

On the whole, I'd rather leave it the way it is, and advise people who 
really need TFTP-write to use a different TFTP server, but I'm open to 
arguments that I've got this wrong.



Cheers,

Simon.









More information about the Dnsmasq-discuss mailing list