Bug ID: 1013565
Summary: atftp daemon runs as root
Product: openSUSE Distribution
Version: Leap 42.2
Priority: P5 - None
QA Contact: qa-bugs(a)suse.de
Found By: ---
A standard install of the atftpd package will run the daemon root, despite the
clear intentions (sysconfig file, and options passed in service unit) to have
it run as tftp.
This is problematic because it allows tftp clients to overwrite all files
served by atftpd, and to upload new ones, completely disregarding permissions
set on directories and files under /srv/tftpboot.
In my tests I let the service start via socket activation.
You are receiving this mail because:
You are on the CC list for the bug.