Date: Fri, 17 May 2019 17:37:35 +0200
On Fri, May 17, 2019 at 5:08 PM Orion Poplawski <[log in to unmask]> wrote:
> Probably related:
>
> --tftp-secure
> Enable TFTP secure mode: without this, any file which is
> readable by the dnsmasq process under normal unix access-
> control rules is available via TFTP. When the --tftp-secure
> flag is given, only files owned by the user running the dnsmasq
> process are accessible. If dnsmasq is being run as
> root, different rules apply: --tftp-secure has no effect,
> but only files which have the world-readable bit set are
> accessible. It is not recommended to run dnsmasq as root
> with TFTP enabled, and certainly not without specifying
> --tftp-root. Doing so can expose any world-readable file on
> the server to any host on the net.
Just read and sent the same :)
> I'm still surprised it made a difference starting it by hand or by systemd.
+1
dnsmasq runs as "nobody" if "/etc/dnsmasq.conf" doesn't have
"user=foo" or dnsmasq isn't started with "--user=foo" (or "-u foo").
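
The access rules from the quoted --tftp-secure text, modelled as an added example (not part of this message and not dnsmasq's own code), to show how the set of served files changes with the user dnsmasq runs as. The uid/gid 65534 for "nobody", the file names and the modes are constructed assumptions; directory-traversal permissions and --tftp-root are not modelled.

```python
import stat
from collections import namedtuple

# Constructed file metadata (not from the thread): name, owner uid, group gid, mode.
FileMeta = namedtuple("FileMeta", "name uid gid mode")

NOBODY = 65534  # assumed uid/gid of "nobody"; check with `id nobody` on your system

def tftp_readable(f, run_uid, run_gids=(), tftp_secure=False):
    """Apply the rules from the quoted man page text to one file."""
    if run_uid == 0:
        # As root: --tftp-secure has no effect, only the world-readable bit counts.
        return bool(f.mode & stat.S_IROTH)
    # Normal unix access control: exactly one permission class applies.
    if f.uid == run_uid:
        readable = bool(f.mode & stat.S_IRUSR)
    elif f.gid in run_gids:
        readable = bool(f.mode & stat.S_IRGRP)
    else:
        readable = bool(f.mode & stat.S_IROTH)
    if tftp_secure:
        # Secure mode: the file must also be owned by the dnsmasq user.
        return readable and f.uid == run_uid
    return readable

def audit(files, run_uid, run_gids=(), tftp_secure=False):
    """Return the sorted names of files that would be served."""
    return sorted(f.name for f in files
                  if tftp_readable(f, run_uid, run_gids, tftp_secure))

SAMPLE = [
    FileMeta("pxelinux.0", NOBODY, NOBODY, 0o644),  # owned by the service user
    FileMeta("kickstart.cfg", 0, 0, 0o644),         # root-owned, world-readable
    FileMeta("secret.key", 0, 0, 0o600),            # root-owned, private
    FileMeta("group.img", 0, NOBODY, 0o640),        # readable through group only
]

if __name__ == "__main__":
    cases = [
        ("nobody, no --tftp-secure", dict(run_uid=NOBODY, run_gids=(NOBODY,))),
        ("nobody, --tftp-secure", dict(run_uid=NOBODY, run_gids=(NOBODY,),
                                       tftp_secure=True)),
        ("root", dict(run_uid=0, tftp_secure=True)),
    ]
    for label, kwargs in cases:
        print(f"{label}: {audit(SAMPLE, **kwargs)}")
```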