Missing Software ?
news
news at helens.Stanford.EDU
Tue Oct 2 08:46:56 AEST 1990
We used a remote tape drive to upgrade those systems without tape
drive, and we had to modify /usr/etc/inetd.conf
from:
tftp dgram udp wait guest /usr/etc/tftpd tftpd -s /usr/local/boot
to:
tftp dgram udp wait guest /usr/etc/tftpd tftpd
otherwise we will get TFTP error.
Hope this mail can save you two~three days of time. GOOD LUCK!!!
Be advised that if you are on the Internet, running tftpd without the
"-s /usr/local/boot" option allows anyone on the Inernet (from
Australia to Peoria to Germany) to access any publicly readable file
on the system, including /etc/passwd. So anyone doing this may want
to change inetd.conf back after the installation is done. A better
solution would be to copy all the required files (whatever they may
be) to a tree under /usr/local/boot.
It's good to see SGI is improving the default security on their
systems. A couple years ago, there was no "chroot" flag for tftpd,
and the diag account (uid=0, shell=/bin/csh) didn't come with a
password. Many SGI owners (at least around here) didn't bother or
think one was necessary. (SGI was not alone in this. Sun's old
sysdiag (uid=0, shell=sysdiag) account had even more problems since
many sysadmins were under the impression that sysdiag was "secure,"
which it was not in the least.)
Moral: if you don't know what the account does, put a password on it.
Jim Helman
Department of Applied Physics Durand 012
Stanford University FAX: (415) 725-3377
(jim at KAOS.stanford.edu) Work: (415) 723-9127
More information about the Comp.sys.sgi
mailing list