[Dnsmasq-discuss] TFTP server - write requests
simon at thekelleys.org.uk
Tue Jan 12 13:59:06 GMT 2010
Bob Barnes wrote:
> Hello Simon et. al.
> I am wondering how you feel about implementation of the OP_WRQ write
> request in dnsmasq's TFTP server.
> I'm using dnsmasq in my home network where it has already given several
> years of trouble-free service. Amongst other things, I run a mythtv
> system. One of my devices is based on minimyth, which allows a diskless
> machine to be a myth box, and loads files with TFTP. All of this works
> perfectly with dnsmasq, but minimyth also provides some features (e.g.
> codec download) which need the TFTP write operation.
> Was OP_WRQ something you've deliberately not implemented (for example
> due to security, complexity or other concerns), is there generally not
> enough need for it, or could it be added to the wish list?
The philosopy was to implement just enough of TFTP to do network boot,
aiming for security and then simplicity. Hence no write operation: it's
not needed for network booting, and it's not secure.
Apart from not being necessary, having write access when you're doing
netboot is really quite scary: there's no authentication _at_all_ in the
TFTP spec, so even when you limit the TFTP server to a small corner of
the filesystem, any host on the network can replace your netboot images
and trojan newly-booted machines from the outset.
If it were to be added it would have to disabled by default and anyone
doing netboot could never switch it on unless they were very,very
carefull to ensure that all the files needed for netboot were read-only
to dnsmasq, and that no files could be created that might be used to
netboot (think of the was PXELinux does a search of successively more
general config files based the hosts MAC address and IP address.)
On the whole, I'd rather leave it the way it is, and advise people who
really need TFTP-write to use a different TFTP server, but I'm open to
arguments that I've got this wrong.
More information about the Dnsmasq-discuss