[Bug 1188827] [NEW] User option (-u or --user) is ignored
Rodney Beede
1188827 at bugs.launchpad.net
Fri Jun 7 21:04:30 UTC 2013
*** This bug is a security vulnerability ***
Public security bug reported:
Tested in Ubuntu 12.04 and 13.04.
The --user, -u, or /etc/default/tftpd-hpa TFTP_USERNAME="tftp" options
are ignored when running the tftpd-hpa service.
I pulled the source with wget
https://www.kernel.org/pub/software/network/tftp/tftp-hpa/tftp-hpa-5.2.tar.xz
and compiled.
Ran with
/root/tftp-hpa-5.2/tftpd/tftpd --listen -u nobody --address 0.0.0.0:69 --secure /var
Result was
root@ubuntu:/var/log# ps -ef | grep tftpd
root 7955 1 0 13:55 ? 00:00:00 /root/tftp-hpa-5.2/tftpd/tftpd --listen -u nobody --address 0.0.0.0:69 --secure /var
I expected the process uid to be that of "nobody". Killing the process and trying again I also looked at /proc to see what it thought about it:
root@ubuntu:/var/log# cat /proc/8037/task/8037/status
Name: tftpd
State: S (sleeping)
Tgid: 8037
Pid: 8037
PPid: 1
TracerPid: 0
Uid: 0 0 0 0
Gid: 0 0 0 0
FDSize: 64
Groups: 0
VmPeak: 13048 kB
VmSize: 13048 kB
VmLck: 0 kB
VmPin: 0 kB
VmHWM: 140 kB
VmRSS: 140 kB
VmData: 444 kB
VmStk: 136 kB
VmExe: 32 kB
VmLib: 2140 kB
VmPTE: 44 kB
VmSwap: 0 kB
Threads: 1
SigQ: 0/31432
SigPnd: 0000000000000000
ShdPnd: 0000000000000000
SigBlk: 0000000000000000
SigIgn: 0000000000010000
SigCgt: 0000000000004003
CapInh: 0000000000000000
CapPrm: 0000001fffffffff
CapEff: 0000001fffffffff
CapBnd: 0000001fffffffff
Seccomp: 0
Cpus_allowed: ffffffff,ffffffff
Cpus_allowed_list: 0-63
Mems_allowed: 00000000,00000001
Mems_allowed_list: 0
voluntary_ctxt_switches: 1
nonvoluntary_ctxt_switches: 0
** Affects: tftp-hpa (Ubuntu)
Importance: Undecided
Status: New
** Tags: tftp
** Information type changed from Private Security to Public Security
--
https://bugs.launchpad.net/bugs/1188827
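The manual /proc/<pid>/status inspection in the report above can be scripted. The following is an added example, not part of the original report or of tftp-hpa. It assumes the target account has uid/gid 65534 and that the daemon should hold no effective capabilities after dropping privileges; the sample status text is constructed.

```shell
#!/bin/sh
# Added example: verify that a process really dropped privileges.
# Reads /proc/<pid>/status text on stdin.
# usage: check_privdrop EXPECTED_UID EXPECTED_GID < /proc/<pid>/status
check_privdrop() {
    awk -v uid="$1" -v gid="$2" '
        function fail(msg) { print "FAIL: " msg; bad = 1 }
        # Uid:/Gid: hold four ids: real, effective, saved set, filesystem.
        $1 == "Uid:" || $1 == "Gid:" {
            seen[$1] = 1
            want = ($1 == "Uid:") ? uid : gid
            if (NF != 5) fail($1 " line does not have four ids")
            for (i = 2; i <= NF; i++)
                if ($i != want)
                    fail($1 " field " (i - 1) " is " $i ", expected " want)
        }
        # Supplementary groups must not still include root (gid 0).
        $1 == "Groups:" {
            for (i = 2; i <= NF; i++)
                if ($i == "0" && gid != "0") fail("supplementary group 0 retained")
        }
        # Assumption: the daemon needs no capabilities after the drop.
        $1 == "CapEff:" {
            seen[$1] = 1
            if ($2 !~ /^0+$/) fail("CapEff is " $2 ", expected all zero")
        }
        END {
            if (!seen["Uid:"] || !seen["Gid:"] || !seen["CapEff:"])
                fail("status input is missing Uid, Gid or CapEff")
            exit bad + 0
        }'
}

# Constructed samples (not captured output): the ids shown in the report,
# and a process running as uid/gid 65534 (assumed here to be "nobody").
sample_root_status() {
    printf 'Name:\ttftpd\nUid:\t0\t0\t0\t0\nGid:\t0\t0\t0\t0\n'
    printf 'Groups:\t0\nCapEff:\t0000001fffffffff\n'
}
sample_dropped_status() {
    printf 'Name:\ttftpd\nUid:\t65534\t65534\t65534\t65534\n'
    printf 'Gid:\t65534\t65534\t65534\t65534\nGroups:\t65534\n'
    printf 'CapEff:\t0000000000000000\n'
}

sample_root_status | check_privdrop 65534 65534 || echo "privileges NOT dropped"
sample_dropped_status | check_privdrop 65534 65534 && echo "privileges dropped"
```

Against a live process, feed it the real file, for example `check_privdrop "$(id -u nobody)" "$(id -g nobody)" < /proc/PID/status`, where PID is a placeholder for the process to check.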