| Bug ID | 1013565 |
|---|---|
| Summary | atftp daemon runs as root |
| Classification | openSUSE |
| Product | openSUSE Distribution |
| Version | Leap 42.2 |
| Hardware | x86-64 |
| OS | Other |
| Status | NEW |
| Severity | Major |
| Priority | P5 - None |
| Component | Security |
| Assignee | security-team@suse.de |
| Reporter | seroton10@gmail.com |
| QA Contact | qa-bugs@suse.de |
| Found By | --- |
| Blocker | --- |
A standard install of the atftpd package will run the daemon root, despite the clear intentions (sysconfig file, and options passed in service unit) to have it run as tftp. This is problematic because it allows tftp clients to overwrite all files served by atftpd, and to upload new ones, completely disregarding permissions set on directories and files under /srv/tftpboot. In my tests I let the service start via socket activation.