From nobody Sat Aug 19 06:58:01 2023 X-Original-To: dev-commits-src-all@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4RSV1j6mHpz4qJt0; Sat, 19 Aug 2023 06:58:01 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4RSV1j5Rkyz4RGd; Sat, 19 Aug 2023 06:58:01 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1692428281; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=gn9pfMJd52n0P7pqUzuVWgueAhilAhdY20lCpVtLs78=; b=YQmCbdD3kOzXJd2FbviLB0fpgV2BcgGYfxovrDBWr5CvpdVY5NRXM5OQ8X3w3q+z4C5tG1 1PQYGHNXRVZ1Kfw1oM9jWHazGLByPx248APz+4TXpQa2+qRsiyB83QpjqNKhqvvdlzWwwY Rihiczv96+yQO1qQo7Y3jgHmtdHmHkIQlZqGp7KC2sxu7nHMCSDBdMv4vN6IZNwnUJUqPD XRmOUeHR3hJ2X4XJyyHxpl1XLa5XvNNK2eLZ/6JF1DKw+mR5LcXBhdLiP5nytDTUPleztn HZy0kxVzFg/HzOvtwDxTt8bkrQW5tGJNHwF+/5Vk+5yfB6UvIwdmHkOD1X/Uyw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1692428281; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=gn9pfMJd52n0P7pqUzuVWgueAhilAhdY20lCpVtLs78=; b=jYb9AC299huytczGPY4xvlZsIde/jNi1D6CUGXfgXj9MtqnEtkLHAPeZ0uwRuLlYKYPlHF BYacd7dsk67wbCn5tJG7mw6BDyOzouVH/Rey9OKCsXGWQ/lz+jKEhCu0zCE92xMene7AvV w+FZ29v4QqskvLB//0MZOzN5b3P5SE0x3te2mcOyobRBd0bXLN0EVAiUg8Pq1C5ypyZsW0 czfLDZevzvF6o93SHXUM1yZt36NCNIgBNqAdr3tLuHPzEWgnezB5UyDnxYTdLMjW7Hq1Cm mjijLanjXxRXcuZdUMRpmF+sXOpDtoDdUC5M0KUTh3RCkoEUpxjjWlW+3Xi3wg== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1692428281; a=rsa-sha256; cv=none; b=wKuwERhzpG8N5lWc8S+jb8hJ1BLqiKJLu3fGLpXzHboPjkLbUhrYfOEQrnVtQTDcsUdzS2 VMim+d+KBiZMtiNDcs8P7zDEC0sEw6a93/hCg7n3V+yvcj29FYCUtUfanYyqDymO9NwztP R/T5ATEVCN5JGoHDkXejPajRCKVdUq4AoaZlmBejjZL07mQgBjzhx7C0iBSx0gzeo+cT3O FILmWFmka5rTHhCYt/94DamNwaUNwFfBVjM0HWuqX3kIgi6idXyy0cfSuvJZD2I4xnkiBG BtIrMeX5ZMsWYHQe4UmvOcggysJYst4MuWssar2cmqfyvWWZbywjp7/S3+lbxA== ARC-Authentication-Results: i=1; mx1.freebsd.org; none Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4RSV1j45mLzp82; Sat, 19 Aug 2023 06:58:01 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.17.1/8.17.1) with ESMTP id 37J6w1bQ085864; Sat, 19 Aug 2023 06:58:01 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.17.1/8.17.1/Submit) id 37J6w1MR085861; Sat, 19 Aug 2023 06:58:01 GMT (envelope-from git) Date: Sat, 19 Aug 2023 06:58:01 GMT Message-Id: <202308190658.37J6w1MR085861@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org From: Eugene Grosbein Subject: git: a99bf9966590 - stable/12 - tftpd: introduce new option -S List-Id: Commit messages for all branches of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-dev-commits-src-all@freebsd.org X-BeenThere: dev-commits-src-all@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: eugen X-Git-Repository: src X-Git-Refname: refs/heads/stable/12 X-Git-Reftype: branch X-Git-Commit: a99bf9966590859d21d28ec63798820dc07e0ba8 Auto-Submitted: auto-generated The branch stable/12 has been updated by eugen: URL: https://cgit.FreeBSD.org/src/commit/?id=a99bf9966590859d21d28ec63798820dc07e0ba8 commit a99bf9966590859d21d28ec63798820dc07e0ba8 Author: Eugene Grosbein AuthorDate: 2023-07-20 20:11:33 +0000 Commit: Eugene Grosbein CommitDate: 2023-08-19 06:53:28 +0000 tftpd: introduce new option -S Historically, tftpd disallowed write requests to existing files that are not publicly writable. Such requirement is questionable at least. Let us make it possible to run tftpd in chrooted environment keeping files non-world writable. New option -S enables write requests to existing files for chrooted run according to generic file permissions. It is ignored unless tftpd runs chrooted. Requested by: marck Differential: https://reviews.freebsd.org/D41090 (based on) (cherry picked from commit 273a307d0b80743fb08e23237b3f74dc94a8fa2a) (cherry picked from commit 03c2616dc530e5b23f06f9aa421012154590e578) --- libexec/tftpd/tftpd.8 | 22 ++++++++++++++++++---- libexec/tftpd/tftpd.c | 15 ++++++++++++--- 2 files changed, 30 insertions(+), 7 deletions(-) diff --git a/libexec/tftpd/tftpd.8 b/libexec/tftpd/tftpd.8 index e4f5ab94a2fe..a984cdc32c94 100644 --- a/libexec/tftpd/tftpd.8 +++ b/libexec/tftpd/tftpd.8 @@ -28,7 +28,7 @@ .\" @(#)tftpd.8 8.1 (Berkeley) 6/4/93 .\" $FreeBSD$ .\" -.Dd March 2, 2020 +.Dd July 20, 2023 .Dt TFTPD 8 .Os .Sh NAME @@ -72,7 +72,11 @@ Files containing the string or starting with .Dq Li "../" are not allowed. -Files may be written only if they already exist and are publicly writable. +Files may be written only if they already exist (unless the +.Fl w +option is used) and are publicly writable (unless chrooted and the +.Fl S +option is used). Note that this extends the concept of .Dq public to include @@ -191,6 +195,12 @@ to change its root directory to After doing that but before accepting commands, .Nm will switch credentials to an unprivileged user. +.It Fl S +If +.Nm +runs chrooted, the option allows write requests according to generic +file permissions, skipping requirement for files to be publicly writable. +The option is ignored for non-chrooted run. .It Fl u Ar user Switch credentials to .Ar user @@ -275,12 +285,16 @@ the .Fl c option was introduced in .Fx 4.3 , -and the +the .Fl F and .Fl W options were introduced in -.Fx 7.4 . +.Fx 7.4 , +and the +.Fl S +option was introduced in +.Fx 13.3 . .Pp Support for Timeout Interval and Transfer Size Options (RFC2349) was introduced in diff --git a/libexec/tftpd/tftpd.c b/libexec/tftpd/tftpd.c index 02fbaaf0d371..56b97d4791bc 100644 --- a/libexec/tftpd/tftpd.c +++ b/libexec/tftpd/tftpd.c @@ -98,6 +98,7 @@ static struct dirlist { static int suppress_naks; static int logging; static int ipchroot; +static int check_woth = 1; static int create_new = 0; static const char *newfile_format = "%Y%m%d"; static int increase_name = 0; @@ -138,7 +139,8 @@ main(int argc, char *argv[]) acting_as_client = 0; tftp_openlog("tftpd", LOG_PID | LOG_NDELAY, LOG_FTP); - while ((ch = getopt(argc, argv, "cCd:F:lnoOp:s:u:U:wW")) != -1) { + while ((ch = getopt(argc, argv, "cCd:F:lnoOp:s:Su:U:wW")) != -1) { +>>>>>>> 273a307d0b80 (tftpd: introduce new option -S) switch (ch) { case 'c': ipchroot = 1; @@ -176,6 +178,9 @@ main(int argc, char *argv[]) case 's': chroot_dir = optarg; break; + case 'S': + check_woth = -1; + break; case 'u': chuser = optarg; break; @@ -385,7 +390,11 @@ main(int argc, char *argv[]) tftp_log(LOG_ERR, "setuid failed"); exit(1); } + if (check_woth == -1) + check_woth = 0; } + if (check_woth == -1) + check_woth = 1; len = sizeof(me_sock); if (getsockname(0, (struct sockaddr *)&me_sock, &len) == 0) { @@ -727,7 +736,7 @@ validate_access(int peer, char **filep, int mode) if ((stbuf.st_mode & S_IROTH) == 0) return (EACCESS); } else { - if ((stbuf.st_mode & S_IWOTH) == 0) + if (check_woth && ((stbuf.st_mode & S_IWOTH) == 0)) return (EACCESS); } } else { @@ -757,7 +766,7 @@ validate_access(int peer, char **filep, int mode) if ((stbuf.st_mode & S_IROTH) != 0) break; } else { - if ((stbuf.st_mode & S_IWOTH) != 0) + if (!check_woth || ((stbuf.st_mode & S_IWOTH) != 0)) break; } err = EACCESS;