[Dev] tftp changes, adapter mods required
Tristan RHODES
tristanrhodes at weber.edu
Mon Dec 3 10:56:40 CST 2007
Thanks for this fix, Ryan. Unrestricted TFTP uploads could offer an
attack vector by filling up the hard-drive.
Tristan
On Sun, 2007-12-02 at 23:11 -0600, Ryan Kruse wrote:
> In the next ziptie release, the TFTP server will not allow puts unless
> that file already exists in the TFTP root directory. This is to
> prevent unauthorized writes to the server. This option is
> configurable in the osgi-config/network/tftp.properties file using the
> "requireFileExists" property. By default, it will be set to true.
>
> So for anybody creating adapters using TFTP, your adapter must now
> create the file before issuing the command on the device. For
> example....
>
> use ZipTie::Adapters::Utils qw(create_empty_file);
> my $tftp_file_server =
> $connection_path->get_file_server_by_name("TFTP");
> my $config_name = $cli_protocol->get_ip_address() . ".startup-config";
> create_empty_file($tftp_file_server->get_root_dir() .
> "/$config_name");
>
> I will update the adapters that are already in our CVS.
>
> Ryan Kruse | Manager, Open Products
>
>
>
> AlterPoint, Inc. | 301 Congress Ave | Suite 400 | Austin, TX 78701
> o 512.536.8346 | m 512.947.0087
>
>
> _______________________________________________
> Dev mailing list
> Dev at ziptie.org
> http://mailman.ziptie.org/listinfo/dev
More information about the Dev
mailing list