UNOFFICIAL SECURITY NOTIFICATION
Jeffrey Mogul
mogul at decwrl.dec.com
Sat Oct 21 10:19:14 AEST 1989
In article <2781 at decuac.DEC.COM> avolio at decuac.DEC.COM (Frederick M. Avolio) writes:
>More unoffcial suggested steps (these from a CERT Advisory):
>
> 7) Disable or modify the tftpd program so that anonymous access to
> the file system is prevented.
Note that people who are using the Ultrix 3.0 (or later) version of
"tftpd" should be able to use the "-r" (restricted root) flag to limit
access to a subtree of the file system. This is essentially the same
mechanism as is supported by the ftpd server to limit anonymous ftp access.
Unfortunately, I believe that some people didn't receive a properly
updated manual page for tftpd; the syntax to use in /etc/inetd.conf is:
tftp dgram udp nowait /usr/etc/tftpd tftpd -r /local/bootfiles
for example (you can see that we only use TFTP for bootloading).
-Jeff
More information about the Comp.unix.ultrix
mailing list