Cygwin tftpd cannot drop privileges?

Posted on 2025-02-01 00:25:42

I am running Cygwin64 on two Win10 machines, one Home and one Pro. My software uses tftpd to receive a CSV from a network peer. tftpd is run from init (package sysvinit) with this line:

td:2345:respawn:/usr/sbin/tftpd -vvvvv -L -c -p -u Larry -U 000 -s /tmp

There is no xinetd running, no xinetd or tftp configuration file that I know of. On the Win10 Home system, which is my development system, this works. On the Win10 Pro system, it fails. The client times out. There is no entry in /var/log/messages (syslog-ng). Windows Application Log says "Cannot drop privileges: operation not permitted"

When I stop init and run that command line in a shell, it works and clients can transfer files in. But my system needs the respawn management of init. The pattern was set 12 years ago with Cygwin32 on Win7. My customer is now updating the PC and we have this glitch. If I were developing now, I would put the function on a raspi, but this is just a PC change.

Can anyone recommend a configuration to get the execution of tftpd under init under cygwin under Win10 Pro closer to that of the same command line in a user shell?

Edit 1: I also tried suid. tftpd.exe is owned by the user account, not SYSTEM or whatever cygwin has for root. Suid does not set permissions in a way that solves the problem.

Edit 2: adding cygdrop to the inittab line does not help.


Comments (2)

轮廓§ 2025-02-08 00:25:42

Short version:
Remove tftp and tftp-server, and install inetutils-server and inetutils for the old version.
Remove -u USER flag when running tftpd.
The old tftp version doesn't require dropping privilege.

Longer story:

I tried picking up where you left off, found some resources... wasted hours.

From /usr/share/doc/Cygwin/tftp.README

run tftpd-config to create the unprivileged local account tftpd.

$ /usr/bin/tftpd-config
*** Info: Initially, tftpd runs as a privileged user in order to
*** Info: chroot for security. However, it immediately drops privileges
*** Info: but needs an ordinary, unprivileged user account to do so.
*** Query: Create an unprivileged user 'tftpd' for this purpose? (yes/no) yes
*** Info: Note that creating a new user requires that the current account have
*** Info: Administrator privileges.  Should this script attempt to create a
*** Query: new local account 'tftpd'? (yes/no) yes
*** Query: Overwrite existing /etc/inetd.d/tftp file? (yes/no) yes
*** Info: Creating default /etc/inetd.d/tftp file
*** Info: Updated /etc/inetd.d/tftp

*** Info: tftpd configuration finished. Have fun!
*** Info: If you did NOT install tftpd as a standalone service, then
*** Info: you may need to modify /etc/inetd.d/tftp or /etc/xinetd.d/tftp
*** Info: depending on which superserver you wish to use to control
*** Info: tftpd

After this, I still couldn't run it. I tried net user tftpd /active:YES and found that the user is now created but needs the password updated to meet policy requirements. I created a password and was able to enable the user.

$ net user tftpd /active:YES
The command completed successfully.

Still fails: $ /usr/sbin/tftpd -vvv -c -L -p -U 022 -u tftpd -s /tftpboot.
Windows still says no user tftpd.
From my xinetd install, I recall that the service nomenclature is computername+account. I modify my command to $ /usr/sbin/tftpd -vvv -c -L -p -U 022 -u mycomputer+tftpd -s /tftpboot and it now runs!

Attempting to push a file to my computer still fails. Windows application logs now say tftpd: PID 2467: cannot drop privileges: Operation not permitted

I gave up too.

I did find in the /usr/share/doc/Cygwin/tftp.README

The tftp-hpa tftpd server differs from inetutils one, with respect to how
user privileges are handled.  The inetutils tftpd requires that tftpd be

So I removed tftp, and installed inetutils-server and inetutils in favor of the old version of tftpd.
Removed -u USER flag BOOM! Works.
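
An added example, not from the thread or from the Cygwin packages: a POSIX sh check that pulls the -u and -U arguments out of the question's inittab line, tests whether the -u account resolves with id (the answer above needed the mycomputer+tftpd form), and flags -c combined with -U 000. The function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread): audit an inittab entry that starts tftpd.

# Constructed sample: the inittab line quoted in the question.
SAMPLE='td:2345:respawn:/usr/sbin/tftpd -vvvvv -L -c -p -u Larry -U 000 -s /tmp'

# inittab format is id:runlevels:action:process; print the process field.
inittab_cmd() { printf '%s\n' "$1" | cut -d: -f4-; }

# Print the word that follows option $2 in command line $1; fail if absent.
opt_arg() {
    want=$2 prev='' found=1
    set -f                      # no globbing while word-splitting the line
    for w in $1; do
        if [ "$prev" = "$want" ]; then printf '%s\n' "$w"; found=0; break; fi
        prev=$w
    done
    set +f
    return "$found"
}

# Report whether the -u account resolves for this process and whether
# uploads are created without any umask restriction.
audit_tftpd_entry() {
    cmd=$(inittab_cmd "$1")
    user=$(opt_arg "$cmd" -u) || user=''
    mask=$(opt_arg "$cmd" -U) || mask=''
    if [ -z "$user" ]; then
        echo "INFO no -u option on the command line"
    elif uid=$(id -u "$user" 2>/dev/null); then
        echo "OK   -u $user resolves to uid $uid"
    else
        echo "FAIL -u $user does not resolve; check the account name form"
    fi
    case " $cmd " in
        *" -c "*)
            if [ "$mask" = 000 ]; then
                echo "WARN -c with -U 000: new files are created with no umask bits cleared"
            fi ;;
    esac
    echo "INFO running as $(id -un) (uid $(id -u))"
}

audit_tftpd_entry "${1:-$SAMPLE}"
```

Run it from the same context that starts tftpd (for example a temporary inittab entry), since the thread shows the same command line behaving differently under init and in a user shell.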

属性 2025-02-08 00:25:42

Guess this one will be another tumbleweed. I found no good answers in 3 days of grinding. The problem seems to involve domain vs. local users in Windows, and how Cygwin interacts with the Windows user database, whatever that is. I ended up running the tftp server in an infinite-looping batch file that starts at user login, but is vulnerable to somebody killing the top level shell. Along the way, I recompiled tftpd-hpa for Cygwin and commented out the user ID change - that worked on my PC but not the customer's. If they have problems with the solution I may just retarget to raspi.
