Skip to main content


Showing posts from May, 2011

On Running tftpd (in.tftpd) as a Non-root User (DEPRECATED)

The preferred way of securing tftpd is to use the tftp SELinux targeted policy module. This post is now of historic interest only, I have SELinux enabled, using the targeted policy in enforcing mode. That is the right way of doing things.

On RHEL systems, tftpd is started from xinetd as a root user. The configuration is stored in /etc/xinetd.d/tftp. You may wish to run it as a different user for security purposes.  Let's assume that the tftpd user has been created, with login directory set accordingly to /tftpboot.

There are two ways you could try to set tftpd to run as non-root, and only one of them works. You may try to change the user entry in the xinetd configuration file. This will fail when in.tftpd tries to set its supplementary group to nobody, thus -- if you strace -- the following call fails:
[pid 16429] setgroups32(1, [99]) = -1 EPERM (Operation not permitted)

Instead, you should add the -u parameter to the tftpd's command line in its xinetd config file.
server_args =…

Qt Compilation Woes on Windows

I've had some tough luck compiling latest Qt 4.7.3 on Windows using VS 2008. I wanted to accomplish following:

compile both debug and release builds,have the release build optimized with link time code generation (LTCG),include OpenSSL support,include PostgreSQL support. Nokia offers a prebuilt Qt package, but I wanted to make sure that the build references the most recent VC runtime, and this requires recompilation of everything.

My setup is a VMware Fusion VM with 32 bit Windows XP.

First of all, LTCG requires plenty of memory, and linking/code generation for WebKit will fail on 32 bit windows unless you do the following:

set the VM to have at least 2G of memory,boot with the /3g option in boot.ini -- to do that go to System Properties, Advanced, Startup and Recovery.Settings, Edit the startup options file, and duplicate the existing entry in [operating systems] section, adding /3gb switch before /fastdetect, and change the name of the new boot.ini, reboot the VM, bootl…