This is the mail archive of the cygwin-apps mailing list for the Cygwin project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

Re: [ITP] tftp-hpa 5.0

From: Corinna Vinschen <corinna-cygwin at cygwin dot com>
To: cygwin-apps at cygwin dot com
Date: Mon, 4 Oct 2010 11:28:18 +0200
Subject: Re: [ITP] tftp-hpa 5.0
References: <4CA42DB5.3050109@siemens.com> <4CA4406D.1040200@cwilson.fastmail.fm> <4CA5F18E.5040005@siemens.com> <4CA6029A.9020201@cwilson.fastmail.fm> <4CA98F44.5010701@siemens.com>
Reply-to: cygwin-apps at cygwin dot com

On Oct  4 10:24, Gernot Hillier wrote:
> Am 01.10.2010 17:47, schrieb Charles Wilson:
> >Also, the whole *point* of obsoleting inetutil's version is because
> >it is not capable of support IPv6 -- but tftp-hpa is.
> >
> >So, I really think you should enable IPv6.  Now, that means a lot of
> >new porting work, because there are ALWAYS issues with porting IPv6
> >networking to cygwin/win32...see the rsh package's patches (also,
> >xinetd).

Chuck, for the dumb of us, can you please reiterate in a few words
what problems you're talking about?  I'm kind of in trouble to think
of any Cygwin-specific IPv6 problem apart from some border cases.
I have at least two packages which I use IPv6 with, openssh and
syslog-ng, and I have no trouble with them.

> We can for sure try to re-enable and fix all these issues, but as for
> you, my time for these tasks is also quite limited and I can't promise
> quick results here...

IMHO a new tftp only makes sense if it has some visible advantages
over the old one.  Tcpwrappers, readline and IPv6 shouldn't be that
tricky.

But we're all volunteers here.  If it's not a security related problem,
we're not asking for "quick".

> Hmmm, anyone running tftpd should know that (s)he should protect it from
> any productive network as it's insecure by design. In my eyes, putting
> tftpd behind an effective firewall is just the right answer here. Any
> effort spent to improve tftpd's security concept *if you don't trust his
> peers* will only raise the security bar from 10 to 12% IMHO.

Nevertheless, running tftp with admin privileges is not a good idea.
Maybe you should at least try to seteuid to uid 501, the default uid
for the "Guest" user.

> >We should probably take additional discussions offline, just to keep
> >from annoying the list with ongoing development.
> 
> Sure. I'll come back to you via private mail as soon as I had a
> detailed look on all your points...

I disagree.  We already had a lot of discussion about porting packages
to the Cygwin distro on this list.  It might be worth to keep it here,
unless the two of you want to share secrets :)

Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Project Co-Leader          cygwin AT cygwin DOT com
Red Hat

Follow-Ups:
- Re: [ITP] tftp-hpa 5.0
  - From: Charles Wilson

References:
- Re: [ITP] tftp-hpa 5.0
  - From: Gernot Hillier
- Re: [ITP] tftp-hpa 5.0
  - From: Charles Wilson
- Re: [ITP] tftp-hpa 5.0
  - From: Gernot Hillier

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]