From nobody Thu Jul 20 20:23:39 2023 X-Original-To: dev-commits-src-all@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4R6PK75nYTz4p9nZ; Thu, 20 Jul 2023 20:23:39 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4R6PK75KvNz3K0j; Thu, 20 Jul 2023 20:23:39 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1689884619; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=+gxQ8pOqqlhpI5mh9BvnzrTpZ6oQhMvFzlRFWeO9s+w=; b=MOBhpDab/svSArOgureNyF9TaLg54gGrz9P5i10SnXH+tMFHY2Ccv/IpQb0X8rAvKiV8+m PC5Kus5pxTYQ4TvqWGx/gVUWcvPTCMbf6uamWlsCnQ+4AKEfyP3pzTCPn10iMgaThyetOY h8ahbLQKYqrdQQ62e+mnQc6qUd8q4++jaKhvhvVYSAQazZavAM/op1e5Uo7cGhyUjsr3ZU 1FWFACoHx2nh9mjulwwG31NmJdDZEwnURVwvKVBTDaKdyn/I5Hf44QMIroXTsMO4u5ZCvj MDkjD8E5ctG1+qUdcMDK55IJFrUcz4HY1aclswYX0LiaWh0tE7na5ggPIOESPQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1689884619; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=+gxQ8pOqqlhpI5mh9BvnzrTpZ6oQhMvFzlRFWeO9s+w=; b=om6egItIsU2HWadqm/5R7uCWHRPmRg5KMUE45pg39CxB4g6N/mX4FShcwIrhcoSkPk3P/j wgwFFuwY0qtD5SrYNA5Ne1D9u96J2rzs9tRiA1N8zUZwOC7eUVJ17o0RHuJIRHtwg2CE+l thDkIHuAxg1kH/7hWSXPdxZES+5yX9MU1G51jTaquWAIGQUM5zMybzUt48fFQRTSYfkFiE 8Syp9bxucAGVxPN3LJa2XbwCrYdflihnM/cbjLfACfZ/PowX/AqyuHncWeeA3IXM0dIiHM iTKaqxK1D+MYQhBn5Buuw/eC1KZJCNr69mwXeEWzDYlhU6JtvrGKTk5y9NQyWg== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1689884619; a=rsa-sha256; cv=none; b=JfdZSF7ZYcYQRTNplV3YcWZRkBoLOGB0u71g4vfvV36PZrsd+jxmWmlkCGhHvwiE59pFXJ Vbdu/3ekxjUQU3YlggdicyMeR5rFQZlxY+fErYXrvQteXzHazyxWjH0RxHJRAEcBUq8yUR hgLyJyE4m2UI+bvxHpLgm+jO6dnzt6zpY839/G+KDU+KDG6qPR1YP6o+1wcXWUaFQ4g6pY LmOLt26lbep5ARlYRIe8WlFCWuNwVHgT8M0NeMOnjUQgETL08IzgkQuL69gcqngtANNrb7 f5MQMJqp0ptnCJlvOUjWNWnXecDez2NqZMozaj+RkxGRyeUZeX0MhSH2kHmYVQ== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4R6PK74PMyzl32; Thu, 20 Jul 2023 20:23:39 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.17.1/8.17.1) with ESMTP id 36KKNdSf002722; Thu, 20 Jul 2023 20:23:39 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.17.1/8.17.1/Submit) id 36KKNdNp002721; Thu, 20 Jul 2023 20:23:39 GMT (envelope-from git) Date: Thu, 20 Jul 2023 20:23:39 GMT Message-Id: <202307202023.36KKNdNp002721@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: Eugene Grosbein Subject: git: 273a307d0b80 - main - tftpd: introduce new option -S List-Id: Commit messages for all branches of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-dev-commits-src-all@freebsd.org X-BeenThere: dev-commits-src-all@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: eugen X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: 273a307d0b80743fb08e23237b3f74dc94a8fa2a Auto-Submitted: auto-generated The branch main has been updated by eugen: URL: https://cgit.FreeBSD.org/src/commit/?id=273a307d0b80743fb08e23237b3f74dc94a8fa2a commit 273a307d0b80743fb08e23237b3f74dc94a8fa2a Author: Eugene Grosbein AuthorDate: 2023-07-20 20:11:33 +0000 Commit: Eugene Grosbein CommitDate: 2023-07-20 20:23:35 +0000 tftpd: introduce new option -S Historically, tftpd disallowed write requests to existing files that are not publicly writable. Such requirement is questionable at least. Let us make it possible to run tftpd in chrooted environment keeping files non-world writable. New option -S enables write requests to existing files for chrooted run according to generic file permissions. It is ignored unless tftpd runs chrooted. MFC after: 1 month Requested by: marck Differential: https://reviews.freebsd.org/D41090 (based on) --- libexec/tftpd/tftpd.8 | 22 ++++++++++++++++++---- libexec/tftpd/tftpd.c | 14 +++++++++++--- 2 files changed, 29 insertions(+), 7 deletions(-) diff --git a/libexec/tftpd/tftpd.8 b/libexec/tftpd/tftpd.8 index e4f5ab94a2fe..a984cdc32c94 100644 --- a/libexec/tftpd/tftpd.8 +++ b/libexec/tftpd/tftpd.8 @@ -28,7 +28,7 @@ .\" @(#)tftpd.8 8.1 (Berkeley) 6/4/93 .\" $FreeBSD$ .\" -.Dd March 2, 2020 +.Dd July 20, 2023 .Dt TFTPD 8 .Os .Sh NAME @@ -72,7 +72,11 @@ Files containing the string or starting with .Dq Li "../" are not allowed. -Files may be written only if they already exist and are publicly writable. +Files may be written only if they already exist (unless the +.Fl w +option is used) and are publicly writable (unless chrooted and the +.Fl S +option is used). Note that this extends the concept of .Dq public to include @@ -191,6 +195,12 @@ to change its root directory to After doing that but before accepting commands, .Nm will switch credentials to an unprivileged user. +.It Fl S +If +.Nm +runs chrooted, the option allows write requests according to generic +file permissions, skipping requirement for files to be publicly writable. +The option is ignored for non-chrooted run. .It Fl u Ar user Switch credentials to .Ar user @@ -275,12 +285,16 @@ the .Fl c option was introduced in .Fx 4.3 , -and the +the .Fl F and .Fl W options were introduced in -.Fx 7.4 . +.Fx 7.4 , +and the +.Fl S +option was introduced in +.Fx 13.3 . .Pp Support for Timeout Interval and Transfer Size Options (RFC2349) was introduced in diff --git a/libexec/tftpd/tftpd.c b/libexec/tftpd/tftpd.c index b25e8b0c762f..9ae7575f3d23 100644 --- a/libexec/tftpd/tftpd.c +++ b/libexec/tftpd/tftpd.c @@ -100,6 +100,7 @@ static struct dirlist { static int suppress_naks; static int logging; static int ipchroot; +static int check_woth = 1; static int create_new = 0; static const char *newfile_format = "%Y%m%d"; static int increase_name = 0; @@ -141,7 +142,7 @@ main(int argc, char *argv[]) acting_as_client = 0; tftp_openlog("tftpd", LOG_PID | LOG_NDELAY, LOG_FTP); - while ((ch = getopt(argc, argv, "cCd::F:lnoOp:s:u:U:wW")) != -1) { + while ((ch = getopt(argc, argv, "cCd::F:lnoOp:sS:u:U:wW")) != -1) { switch (ch) { case 'c': ipchroot = 1; @@ -181,6 +182,9 @@ main(int argc, char *argv[]) case 's': chroot_dir = optarg; break; + case 'S': + check_woth = -1; + break; case 'u': chuser = optarg; break; @@ -361,7 +365,11 @@ main(int argc, char *argv[]) tftp_log(LOG_ERR, "setuid failed"); exit(1); } + if (check_woth == -1) + check_woth = 0; } + if (check_woth == -1) + check_woth = 1; len = sizeof(me_sock); if (getsockname(0, (struct sockaddr *)&me_sock, &len) == 0) { @@ -704,7 +712,7 @@ validate_access(int peer, char **filep, int mode) if ((stbuf.st_mode & S_IROTH) == 0) return (EACCESS); } else { - if ((stbuf.st_mode & S_IWOTH) == 0) + if (check_woth && ((stbuf.st_mode & S_IWOTH) == 0)) return (EACCESS); } } else { @@ -734,7 +742,7 @@ validate_access(int peer, char **filep, int mode) if ((stbuf.st_mode & S_IROTH) != 0) break; } else { - if ((stbuf.st_mode & S_IWOTH) != 0) + if (!check_woth || ((stbuf.st_mode & S_IWOTH) != 0)) break; } err = EACCESS;