Xref: utzoo alt.security:777 comp.protocols.tcp-ip:11599 alt.sys.sun:961
Path: utzoo!attcan!uunet!bu.edu!xylogics!loverso
From: loverso@Xylogics.COM (John Robert LoVerso)
Newsgroups: alt.security,comp.protocols.tcp-ip,alt.sys.sun
Subject: Re: tftp (was Re: anonymous ftp, and the dangers thereof)
Message-ID: <9241@xenna.Xylogics.COM>
Date: 7 Jun 90 15:12:55 GMT
References: <1990Apr20.192233.4092@utzoo.uucp> <6721@blake.acs.washington.edu> <3023@unisoft.UUCP>
Reply-To: loverso@Xylogics.COM (John Robert LoVerso)
Followup-To: alt.security
Organization: Xylogics, Inc., Burlington MA
Lines: 15
Summary:

And don't be fooled by the fact that the TFTP protocol doesn't include a list-directory call. The BSD tftpd will allow [publicly readable] directories to be read, and so a clever user tftp program could use this to implement an "ls"-style listing. This can give away the names of subdirectories you might have in your tftp-area (if you are running a "secure" tftpd that does a chroot), or let people walk your whole filesystem, even if they don't know its layout beforehand.

A trivial change to tftpd would prevent the reading of all but plain files.

John
--
John Robert LoVerso Xylogics, Inc. 617/272-8140 x284 loverso@Xylogics.COM
Annex Terminal Server Development Group
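The "trivial change" the post mentions is a type check on the file a read request names: serve it only if it is a plain (regular) file. The following is an added illustration of such a guard, not code from the BSD tftpd or from the poster; the function names `open_plain_file`, `check_path_is_plain` and `make_scratch_file` are hypothetical, and the scratch file it creates is a constructed sample. The check is done with fstat() on the already-opened descriptor rather than stat() on the name, so the object that was tested is the object that gets read.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Open `path` read-only and return a descriptor only if it refers to a
 * plain (regular) file. Directories are refused with EISDIR, and other
 * non-regular objects (devices, FIFOs, sockets) with EPERM, so a TFTP
 * read request for them fails just as a missing file would.
 * Hypothetical helper; not the BSD tftpd source. */
int open_plain_file(const char *path)
{
    struct stat st;
    int fd = open(path, O_RDONLY);
    if (fd < 0)
        return -1;
    /* fstat() on the open descriptor, not stat() on the name, so the
     * check and the subsequent reads refer to the same object. */
    if (fstat(fd, &st) < 0) {
        int saved = errno;
        close(fd);
        errno = saved;
        return -1;
    }
    if (!S_ISREG(st.st_mode)) {
        int err = S_ISDIR(st.st_mode) ? EISDIR : EPERM;
        close(fd);
        errno = err;
        return -1;
    }
    return fd;
}

/* Convenience wrapper: 1 if the guard would serve `path`, else 0. */
int check_path_is_plain(const char *path)
{
    int fd = open_plain_file(path);
    if (fd < 0)
        return 0;
    close(fd);
    return 1;
}

/* Create a constructed sample file under /tmp and store its path in
 * `buf`. Returns 0 on success, -1 on failure. Exists only so the
 * demonstration has a plain file to contrast with a directory. */
int make_scratch_file(char *buf, size_t n)
{
    const char tmpl[] = "/tmp/tftp-plain-XXXXXX";
    const char body[] = "constructed sample contents\n";
    if (n < sizeof tmpl)
        return -1;
    memcpy(buf, tmpl, sizeof tmpl);
    int fd = mkstemp(buf);
    if (fd < 0)
        return -1;
    if (write(fd, body, sizeof body - 1) < 0) {
        close(fd);
        unlink(buf);
        return -1;
    }
    close(fd);
    return 0;
}

int main(void)
{
    char path[64];
    if (make_scratch_file(path, sizeof path) != 0) {
        perror("make_scratch_file");
        return 1;
    }
    /* A directory is refused even though it is world-readable. */
    printf("/  -> %s\n", check_path_is_plain("/") ? "served" : "refused");
    printf("%s -> %s\n", path,
           check_path_is_plain(path) ? "served" : "refused");
    unlink(path);
    return 0;
}
```

Applying the same guard to write requests (refusing to create or replace anything that is not a plain file) closes the corresponding hole in the other direction; the post only discusses reads.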