>Number:         4218
>Category:       bin
>Synopsis:       tftpd must be run as root
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    bin-bug-people (Utility Bug People)
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Fri Oct  3 16:05:08 1997
>Last-Modified:
>Originator:     Chris G. Demetriou
>Organization:
Kernel Hackers 'r' Us
>Release:        NetBSD-current as of October 1, 1997
>Environment:
System: NetBSD brick.demetriou.com 1.2G NetBSD 1.2G (BRICK) #116: Wed Jul 16 14:03:06 PDT 1997 cgd@brick.demetriou.com:/usr/src/sys/arch/i386/compile/BRICK i386


>Description:
	tftpd must be run as root.  if run as a normal user, it fails
	and exits after logging a message about a failure to set its
	group ID.

	The tftpd manual page says:

		The server should have the user ID with the lowest
		possible privilege.

	which makes sense, but the program refuses to work unless
	it's run as root.  The root requirement makes sense if -s is
	used (since it has to chroot), but otherwise should be
	unnecessary and may worsen security problems.

	It's also arguably nice to have the ability to run tftpd
	with a special user id.  (On a related note, it might be
	nice to add a way to specify what user/group to switch to,
	if root.)
	
>How-To-Repeat:
	Enable tftpd in inetd.conf, with a user id set to something
	other than 'root' (or any other user with uid 0).

>Fix:
	None provided.
>Audit-Trail:
>Unformatted: