Debian Bug report logs - #245017
tftpd-hpa: Fails with "cannot set groups for user nobody"

Package: tftpd-hpa; Maintainer for tftpd-hpa is Ron Lee <ron@debian.org>; Source for tftpd-hpa is src:tftp-hpa.

Reported by: Erik de Castro Lopo <erikd@sensorynetworks.com>

Date: Wed, 21 Apr 2004 01:33:02 UTC

Severity: important

Tags: patch, unreproducible, upstream

Found in version 0.36-1

Fixed in version tftp-hpa/5.0-2

Done: Daniel Baumann <daniel@debian.org>

Bug is archived. No further changes may be made.


Report forwarded to debian-bugs-dist@lists.debian.org, erikd@sensorynetworks.com, Jaakko Niemi <liiwi@debian.org>:
Bug#245017; Package tftpd-hpa. (full text, mbox, link).


Acknowledgement sent to Erik de Castro Lopo <erikd@sensorynetworks.com>:
New Bug report received and forwarded. Copy sent to erikd@sensorynetworks.com, Jaakko Niemi <liiwi@debian.org>. (full text, mbox, link).


Message #5 received at submit@bugs.debian.org (full text, mbox, reply):

From: Erik de Castro Lopo <erikd@sensorynetworks.com>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: tftpd-hpa: Fails with "cannot set groups for user nobody"
Date: Wed, 21 Apr 2004 11:13:14 +1000
Package: tftpd-hpa
Version: 0.36-1
Severity: grave
Justification: renders package unusable



-- System Information:
Debian Release: testing/unstable
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: i386 (i686)
Kernel: Linux 2.4.24
Locale: LANG=C, LC_CTYPE=C (ignored: LC_ALL set to POSIX)

Versions of packages tftpd-hpa depends on:
ii  libc6                       2.3.2.ds1-11 GNU C Library: Shared libraries an
ii  libwrap0                    7.6-ipv6.1-3 Wietse Venema's TCP wrappers libra

-- no debconf information

Trying to use tftpd-hpa to netboot an x86 Linux machine. The netbooting machine
gets a DHCP address and attempts to connect to tftpd but this fails. In syslog
I get a set of messages like this:

    Apr 21 10:30:53 ook in.tftpd[30760]: cannot set groups for user nobody
    Apr 21 10:30:53 ook in.tftpd[30761]: cannot set groups for user nobody
    Apr 21 10:30:55 ook in.tftpd[30762]: cannot set groups for user nobody

I had a look at the code and the relevant area is this:

  setrv = initgroups(user, pw->pw_gid);
  if ( setrv ) {
    syslog(LOG_ERR, "cannot set groups for user %s", user);
    exit(EX_OSERR);
  }

By adding a bit of debugging code I figured out that initgroups was failing
with an EPERM. This is a bit odd because when inetd starts in.tftpd it is
already running as nobody:nogroup and the initgroups call is only asking it
to be set to nogroup. Maybe this is a bug in the initgroups() function.

I've now hacked the code by commenting out the exit() statement above and
the netboot machine can now grab pxelinux.0. I can understand if this is not
the right solution, but it worked for me ;-).




Message #10 received at 245017@bugs.debian.org (full text, mbox, reply):

From: Jaakko Niemi <liiwi@lonesom.pp.fi>
To: Erik de Castro Lopo <erikd@sensorynetworks.com>
Cc: 245017@bugs.debian.org, control@bugs.debian.org
Subject: Re: Bug#245017: tftpd-hpa: Fails with "cannot set groups for user nobody"
Date: Sun, 23 May 2004 12:01:03 +0300
severity 245017 normal
tags 245017 moreinfo, unreproducible
thanks

On Wed, 21 Apr 2004, Erik de Castro Lopo wrote:
> By adding a bit of debugging code I figured out that initgroups was failing
> with an EPERM. This is a bit odd because when inetd starts in.tftpd it is
> already running as nobody:nogroup and the initgroups call is only asking it
> to be set to nogroup. Maybe this is a bug in the initgroups() function.

 Just about the only way initgroups() can get EPERM is if it cannot read
 /etc/group. What permissions do you have on that file?

			--j





Severity set to `normal'. Request was from Jaakko Niemi <liiwi@lonesom.pp.fi> to control@bugs.debian.org. (full text, mbox, link).


Tags added: moreinfo, unreproducible Request was from Jaakko Niemi <liiwi@lonesom.pp.fi> to control@bugs.debian.org. (full text, mbox, link).



Message #19 received at 245017@bugs.debian.org (full text, mbox, reply):

From: Erik de Castro Lopo <erikd@sensorynetworks.com>
To: 245017@bugs.debian.org
Subject: Re: Bug#245017: tftpd-hpa: Fails with "cannot set groups for user nobody"
Date: Tue, 25 May 2004 07:38:58 +1000
On Sun, 23 May 2004 12:01:03 +0300
Jaakko Niemi <liiwi@lonesom.pp.fi> wrote:

> severity 245017 normal
> tags 245017 moreinfo, unreproducible
> thanks
> 
> On Wed, 21 Apr 2004, Erik de Castro Lopo wrote:
> > By adding a bit of debugging code I figured out that initgroups was failing
> > with an EPERM. This is a bit odd because when inetd starts in.tftpd it is
> > already running as nobody:nogroup and the initgroups call is only asking it
> > to be set to nogroup. Maybe this is a bug in the initgroups() function.
> 
>  Just about the only way initgroups() can get EPERM is if it cannot read
>  /etc/group. What permissions do you have on that file?


    ctest:~# ls -l /etc/group
    -rw-r--r--    1 root     root          488 May  4 20:17 /etc/group

so it should be able to read it.

Erik
-- 
------------------------------------------------------
[N] Erik de Castro Lopo, Senior Computer Engineer
[E] erik.de.castro.lopo@sensorynetworks.com
[W] http://www.sensorynetworks.com
[T] +61 2 83022726 
[F] +61 2 94750316 
[A] L4/140 William St, East Sydney NSW 2011, Australia
------------------------------------------------------
A good debugger is no substitute for a good test suite.




Message #24 received at 245017@bugs.debian.org (full text, mbox, reply):

From: Matthew Garrett <mjg59@srcf.ucam.org>
To: 245017@bugs.debian.org
Date: Mon, 31 May 2004 20:04:41 +0100
The failure goes away if a group called "nobody" is added to /etc/group.
-- 
Matthew Garrett | mjg59@srcf.ucam.org





Message #34 received at 245017@bugs.debian.org (full text, mbox, reply):

From: Martin Michlmayr <tbm@cyrius.com>
To: 245017@bugs.debian.org
Subject: me too
Date: Tue, 10 Aug 2004 22:13:20 +0100
I just saw this bug too.  Please investigate some more.
-- 
Martin Michlmayr
tbm@cyrius.com




Message #39 received at 245017@bugs.debian.org (full text, mbox, reply):

From: Jaakko Niemi <liiwi@lonesom.pp.fi>
To: Martin Michlmayr <tbm@cyrius.com>, 245017@bugs.debian.org
Subject: Re: Bug#245017: me too
Date: Wed, 11 Aug 2004 10:46:04 +0300
On Tue, 10 Aug 2004, Martin Michlmayr wrote:
> I just saw this bug too.  Please investigate some more.

 Behaviour of setgroups() seems to depend on whether the code
 is executed as root or not. This seems like an upstream bug,
 setgroups should not be called at that point unless run
 as root. As a workaround you can start as daemon and
 have tftpd-hpa chroot and drop permissions from there.

 			--j





Message #44 received at 245017@bugs.debian.org (full text, mbox, reply):

From: Martin Pool <mbp@sourcefrog.net>
To: 245017@bugs.debian.org
Subject: tftpd-hpa #245017 reproducible for me too
Date: Fri, 13 Aug 2004 17:53:49 +1000
This is reproducible for me too. 

initgroups seems to call syscall setgroups32() regardless of whether
the process is root or not, and regardless of whether the process
already has the requested groups.  setgroups32() fails with EPERM if
the process is not root, even if the groups are already as requested.
(Seems reasonable to me.)  Thus the failure.

It works OK if inetd.conf is changed to run tftpd as root, as Jaakko
said.

So the fix is either

 0- Just document that it has to be started as root, and make the
    install script do that.

 1- Change tftpd so that if it's started as non-root, it doesn't try
    to chroot, change privileges, etc.

0 is easier; 1 is probably neater.

I'm going to change the tags to that effect.

-- 
Martin 

Tags added: patch, upstream Request was from Martin Pool <mbp@sourcefrog.net> to control@bugs.debian.org. (full text, mbox, link).


Severity set to `important'. Request was from Martin Pool <mbp@sourcefrog.net> to control@bugs.debian.org. (full text, mbox, link).
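
The behaviour described in Message #44, together with a fail-closed privilege drop in the spirit of option 1, as an added C example that is not tftp-hpa's own code. `setgroups_noop_errno()` and `drop_privileges()` are hypothetical names, and the account `nobody` in `main` is taken from the log lines in the report.

```c
/* Added example, not tftp-hpa code. Function names are hypothetical. */
#define _DEFAULT_SOURCE
#include <errno.h>
#include <grp.h>
#include <pwd.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Re-apply the supplementary groups the process already has.
 * Returns 0 on success, otherwise the errno left by the failing call. */
int setgroups_noop_errno(void)
{
    int n = getgroups(0, NULL);
    if (n < 0)
        return errno;
    gid_t *list = calloc(n > 0 ? (size_t)n : 1, sizeof *list);
    if (list == NULL)
        return ENOMEM;
    n = getgroups(n, list);
    int err = (n < 0 || setgroups((size_t)n, list) != 0) ? errno : 0;
    free(list);
    return err;
}

/* Returns 0: dropped from root to `user`; 1: not root, nothing attempted;
 * -1: failure. On -1 the caller must exit: carrying on as root after a
 * failed initgroups() would keep root's supplementary groups. */
int drop_privileges(const char *user)
{
    if (geteuid() != 0)
        return 1;   /* unprivileged: setgroups() is refused, as in the thread */

    struct passwd *pw = getpwnam(user);
    if (pw == NULL || pw->pw_uid == 0)
        return -1;
    uid_t uid = pw->pw_uid;     /* copy: pw points at static storage */
    gid_t gid = pw->pw_gid;

    /* Order matters: supplementary groups, then gid, then uid. */
    if (initgroups(user, gid) != 0 || setgid(gid) != 0 || setuid(uid) != 0)
        return -1;
    /* Confirm the drop took effect and cannot be reversed. */
    if (setuid(0) == 0 || geteuid() != uid || getegid() != gid)
        return -1;
    return 0;
}

int main(void)
{
    int err = setgroups_noop_errno();
    printf("euid=%ld setgroups(current list): %s\n", (long)geteuid(),
           err ? strerror(err) : "ok");
    int rc = drop_privileges("nobody");
    printf("drop_privileges(\"nobody\") = %d\n", rc);
    return rc < 0 ? EXIT_FAILURE : EXIT_SUCCESS;
}
```

Run as an ordinary user, the first function reports EPERM even though the group list is unchanged, which is the failure the original report hit under inetd.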



Message #53 received at 245017@bugs.debian.org (full text, mbox, reply):

From: Martin Pool <mbp@sourcefrog.net>
To: Jaakko Niemi <liiwi@lonesom.pp.fi>
Cc: 245017@bugs.debian.org
Subject: Re: Processed: 245017
Date: Sat, 14 Aug 2004 07:54:56 +1000
On 13 Aug 2004, Jaakko Niemi <liiwi@lonesom.pp.fi> wrote:
> > Processing commands for control@bugs.debian.org:
> > > tags 245017 patch upstream
> 
>  Patch?

Run it as root.

OK, not an actual patch I know, but the fix is known.  I can write a
patch on Monday if you like.

--
Martin

Tags removed: moreinfo Request was from mbp@hp.com (Martin Pool) to control@bugs.debian.org. (full text, mbox, link).




Message #62 received at 245017@bugs.debian.org (full text, mbox, reply):

From: seph <seph@directionless.org>
To: 245017@bugs.debian.org
Subject: Bug#245017: still a bug
Date: Mon, 02 May 2005 14:57:34 -0400
I just ran into this. It's really annoying, since I was coming from a
working tftpd, and changed to tftpd-hpa at the advice of the
debian installer docs. Leaving this in a broken state seems poor.

seph




Message #67 received at 245017@bugs.debian.org (full text, mbox, reply):

From: Pádraig Brady <P@draigBrady.com>
To: 245017@bugs.debian.org
Subject: some notes
Date: Tue, 17 Apr 2007 14:28:47 +0100
Just a few points that I figured out about running tftp-hpa on sarge
which were not explained in the bug.

The tftpd-hpa man page states that "the server should be set
to run as the user with the lowest possible privilege"
It's OK (and necessary) to get inetd to run in.tftpd as root though,
as in.tftpd will itself change user to "nobody" by default,
or to whatever is passed in the -u argument.

A quick note on file permissions is that
tftp by default doesn't allow creating files and only
allows writes to existing files when o+w set.

A separate thing I noticed is that the '-l' option was specified in
/etc/default/tftpd-hpa?
This is standalone (listen) mode, which would conflict with the server
started by inetd?

Pádraig.




Message #72 received at 245017@bugs.debian.org (full text, mbox, reply):

From: Jean-Christophe Baptiste <jc@phocean.net>
To: 245017@bugs.debian.org
Subject: not patched yet ?
Date: Mon, 12 Jan 2009 12:40:41 +0100
Hi,

What is the status of this bug?
I encountered it, and it is very annoying to have this service running as
root in a production environment.

I wish to configure it properly soon.

Thanks in advance,

Best regards,
Jean-Christophe Baptiste





Message #77 received at 245017@bugs.debian.org (full text, mbox, reply):

From: Humming Bear <hummingbear@hotmail.com>
To: <245017@bugs.debian.org>
Subject: I second that....but
Date: Thu, 29 Jan 2009 16:47:29 +0100
Hi,

I would also like the possibility to run as non-root. But I'm afraid that as long as Linux applications need root permission to listen on any network port below 1024, this is not going to happen.

Your alternatives are:
* use the -a :2048 flag to specify a higher port number to listen on.
* use the -u username option to run as a different user (at least for user commands and file handling)

I recently chose the latter option and it gave me the warm fuzzy feeling any security-conscious admin likes.
Greets
Michel



Reply sent to Daniel Baumann <daniel@debian.org>:
You have taken responsibility. (Sun, 19 Jul 2009 23:57:02 GMT) (full text, mbox, link).


Notification sent to Erik de Castro Lopo <erikd@sensorynetworks.com>:
Bug acknowledged by developer. (Sun, 19 Jul 2009 23:57:02 GMT) (full text, mbox, link).


Message #82 received at 245017-close@bugs.debian.org (full text, mbox, reply):

From: Daniel Baumann <daniel@debian.org>
To: 245017-close@bugs.debian.org
Subject: Bug#245017: fixed in tftp-hpa 5.0-2
Date: Sun, 19 Jul 2009 23:32:07 +0000
Source: tftp-hpa
Source-Version: 5.0-2

We believe that the bug you reported is fixed in the latest version of
tftp-hpa, which is due to be installed in the Debian FTP archive:

tftp-hpa_5.0-2.diff.gz
  to pool/main/t/tftp-hpa/tftp-hpa_5.0-2.diff.gz
tftp-hpa_5.0-2.dsc
  to pool/main/t/tftp-hpa/tftp-hpa_5.0-2.dsc
tftp-hpa_5.0-2_i386.deb
  to pool/main/t/tftp-hpa/tftp-hpa_5.0-2_i386.deb
tftpd-hpa_5.0-2_i386.deb
  to pool/main/t/tftp-hpa/tftpd-hpa_5.0-2_i386.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 245017@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Daniel Baumann <daniel@debian.org> (supplier of updated tftp-hpa package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


Format: 1.8
Date: Mon, 20 Jul 2009 01:27:27 +0200
Source: tftp-hpa
Binary: tftp-hpa tftpd-hpa
Architecture: source i386
Version: 5.0-2
Distribution: unstable
Urgency: low
Maintainer: Daniel Baumann <daniel@debian.org>
Changed-By: Daniel Baumann <daniel@debian.org>
Description: 
 tftp-hpa   - HPA's tftp client
 tftpd-hpa  - HPA's tftp server
Closes: 245017
Changes: 
 tftp-hpa (5.0-2) unstable; urgency=low
 .
   * Adding forgotten bug numbers to previous changelog entry.
   * Now running always as unprivileged user (Closes: #245017).





Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Thu, 12 Aug 2010 07:31:30 GMT) (full text, mbox, link).



Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Thu Jan 11 18:34:07 2018; Machine Name: beach
