Seth Woolley's Man Viewer

tftpd(8) - tftpd - Trivial File Transfer Protocol server - man 8 tftpd


TFTPD(8)               System Manager's Manual: iputils               TFTPD(8)



NAME
       tftpd - Trivial File Transfer Protocol server

SYNOPSIS
       tftpd directory


DESCRIPTION
       tftpd is a server which supports the DARPA Trivial File Transfer
       Protocol (RFC1350). The TFTP server is started by inetd(8).

       directory is a required argument; if it is not given, tftpd aborts.
       This path is prepended to any file name requested via the TFTP
       protocol, effectively chrooting tftpd to this directory. File names
       are validated so that they cannot escape this directory; however,
       the administrator may configure such an escape using symbolic links.

       This differs from the variants of tftpd usually distributed with
       unix-like systems, which take a list of directories and match file
       names to start from one of the given prefixes, or from some random
       default when no arguments are given. There are two reasons not to
       behave in this way: first, it is inconvenient, since clients are not
       expected to know anything about the layout of the filesystem on the
       server host. Second, the TFTP protocol is not a tool for browsing the
       server's filesystem; it is just an agent allowing dumb clients to
       boot.

       When tftpd is used together with rarpd(8), the tftp directories
       in these services should coincide, and it is expected that each
       client booted via TFTP has a boot image corresponding to its IP
       address with an architecture suffix following Sun Microsystems
       conventions. See rarpd(8) for more details.

SECURITY
       The TFTP protocol does not provide any authentication. Due to this
       capital flaw tftpd is not able to restrict access to files and will
       allow only publicly readable files to be accessed. Files may be
       written only if they already exist and are publicly writable.

       The impact is evident: a directory exported via TFTP must not contain
       sensitive information of any kind, since everyone is allowed to read
       it as soon as a client is allowed. Boot images do not contain such
       information as a rule; however, you should think twice before
       publishing, for example, Cisco IOS config files via TFTP: they
       contain unencrypted passwords and may contain information about
       the network which you were not going to make public.

       The tftpd server should be executed by inetd with dropped root
       privileges, namely with a user ID giving minimal access to the files
       published in the tftp directory. If it happens to be executed as
       superuser, tftpd drops its UID and GID to 65534, which is most likely
       not what you expect. However, this is not very essential; remember,
       only files accessible to everyone can be read or written via TFTP.
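
       An audit of an exported directory against the access rules above,
       as an added example (not part of this manual or of iputils): it
       lists the files any client can read, the files any client can
       overwrite, and the symbolic links that resolve outside the
       directory. The function names are hypothetical; it assumes find
       with -L, readlink -f, and a server that follows symbolic links.

```shell
#!/bin/sh
# Audit a directory exported by tftpd. Added example; names are hypothetical.
# -L makes find judge a symlink by its target, on the assumption that the
# server follows symlinks (DESCRIPTION says they can leave the directory).

# Regular files readable by "other": any TFTP client can fetch these.
tftp_readable() {
    find -L "$1" -type f -perm -0004 -print
}

# Existing regular files writable by "other": any client can overwrite these.
tftp_writable() {
    find -L "$1" -type f -perm -0002 -print
}

# Symlinks whose resolved target lies outside the exported directory.
tftp_escapes() {
    root=$(readlink -f "$1") || return 1
    find "$1" -type l -print | while IFS= read -r link; do
        target=$(readlink -f "$link") || continue
        case "$target" in
            "$root"|"$root"/*) ;;                      # stays inside the export
            *) printf '%s -> %s\n' "$link" "$target" ;;
        esac
    done
}

tftp_audit() {
    echo "== world-readable (served to anyone) ==";      tftp_readable "$1"
    echo "== world-writable (overwritable by anyone) =="; tftp_writable "$1"
    echo "== symlinks leaving the export ==";             tftp_escapes "$1"
}

# Run as: sh tftp-audit.sh /path/to/exported/directory
if [ "$#" -gt 0 ]; then
    tftp_audit "$1"
fi
```

       Anything under the first heading that is not a boot image, and
       anything at all under the other two, deserves a second look.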

SEE ALSO
       rarpd(8), tftp(1), inetd(8).

HISTORY
       The tftpd command appeared in 4.2BSD. The source in iputils is cleaned
       up both syntactically (ANSIized) and semantically (UDP socket IO).

       It is distributed with iputils mostly as a good demo of an interesting
       feature (MSG_CONFIRM) that allows long images to be booted by dumb
       clients which do not answer ARP requests until they are finally
       booted. However, it is fully functional and can be used in production.

AVAILABILITY
       tftpd is part of the iputils package and the latest versions are
       available in source form via anonymous ftp from
       ftp://ftp.inr.ac.ru/ip-routing/iputils-current.tar.gz.



iputils-020927                 27 September 2002                      TFTPD(8)
