PXE Error: Only absolute filenames allowed

Bug #544377 reported by TJ
34
This bug affects 7 people
Affects Status Importance Assigned to Milestone
tftp-hpa (Ubuntu)
Confirmed
Undecided
Unassigned

Bug Description

Binary package hint: tftp-hpa

I've just upgraded a rarp/bootp/tftp PXE server that hosts bootable images for the LAN from Karmic to Lucid using:

do-release-upgrade -d

Prior to the upgrade it worked fine. After the upgrade PXE clients report:

Only absolute filename allowed
TFTP Error - Access Violation

Running a network sniffing session I see:

sudo tcpdump -ni eth0 -v -T tftp 'udp'
tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
18:14:33.056751 IP (tos 0x0, ttl 20, id 2, offset 0, flags [none], proto UDP (17), length 55)
    10.254.251.95.2070 > 10.254.251.2.69: 27 RRQ "pxelinux.0" octet tsize 0
18:14:33.062219 IP (tos 0x0, ttl 64, id 9743, offset 0, flags [none], proto UDP (17), length 64)
    10.254.251.2.48777 > 10.254.251.95.2070: 36 ERROR EACCESS "Only absolute filenames allowed"
18:14:33.063885 IP (tos 0x0, ttl 20, id 3, offset 0, flags [none], proto UDP (17), length 60)
    10.254.251.95.2071 > 10.254.251.2.69: 32 RRQ "pxelinux.0" octet blksize 1456
18:14:33.069505 IP (tos 0x0, ttl 64, id 9744, offset 0, flags [none], proto UDP (17), length 64)
    10.254.251.2.39907 > 10.254.251.95.2071: 36 ERROR EACCESS "Only absolute filenames allowed"

Tags: security
Revision history for this message
TJ (tj) wrote :

The issue is caused because the tftpd-hpa --secure flag is not being used. I've added it to /etc/default/tftpd-hpa:

TFTP_OPTIONS="-s"

Now I see:

sudo tcpdump -ni eth0 -v -T tftp 'udp'
tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
18:25:50.528436 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 47)
    10.254.251.51.42972 > 10.254.251.2.69: 19 RRQ "pxelinux.0" octet
18:25:50.551265 IP (tos 0x0, ttl 64, id 31434, offset 0, flags [none], proto UDP (17), length 544)
    10.254.251.2.44414 > 10.254.251.51.42972: 516 DATA block 1
18:25:50.553521 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 32)
    10.254.251.51.42972 > 10.254.251.2.44414: 4 ACK block 1
...

summary: - PXe Error: Only absolute filenames allowed
+ PXE Error: Only absolute filenames allowed
Revision history for this message
helix84 (helix84) wrote :

Thanks for identifying the issue and suggesting the fix. I'd consider this a regression - PXE boot stopped working and this must be fixed on the server side - one cannot change the PXE client which is usually in firmware. Could this be SRU-ed?

Revision history for this message
Tim (tc0nn) wrote :

Ubuntu 10.4.4 - in /etc/defaut/tftpd-hpa the option is actually TFTP_OPTIONS="-s", the default config has OPTIONS="....." but that is not the same.

tags: added: security
Revision history for this message
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in tftp-hpa (Ubuntu):
status: New → Confirmed
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.