TFTP

The TFTP server delivers files to any requester without user authentication. It should be configured to limit the files it attempts to access. All file access is done under its own user identity. Clients can get files that are publicly readable and have security labels that the TFTP server's security label dominates. Clients can put existing files that are publicly writable and have a security label that dominates the TFTP server's security label.

Requirement: You must run a separate instance of TFTP for each security label you need to support.

In a CINET environment, you should establish stack affinity to the intended server stack prior to starting each instance of TFTP.

Guideline: Ensure that files and directories have appropriate security labels prior to using the TFTP server. Be especially careful not to have publicly writable files with a SYSMULTI security label, to eliminate the possibility of two users with different security labels (including two TFTP servers) passing data through the file.
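
The get and put rules and the SYSMULTI guideline above, modelled as an added example (not code from the original page or from the product). The labels, levels, categories, paths and permission bits are constructed, and treating SYSMULTI as equivalent to every label is an assumption of this sketch; it reports files through which one TFTP instance could put data that an instance whose label does not dominate the writer's could then get.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Label:
    name: str
    level: int = 0
    cats: frozenset = frozenset()

def dominates(a, b):
    """True if label a dominates label b (level >= and categories superset).
    Assumption: SYSMULTI is treated as equivalent to every label."""
    if "SYSMULTI" in (a.name, b.name):
        return True
    return a.level >= b.level and a.cats >= b.cats

def can_get(server, file_label, mode):
    # Get: file is publicly readable and the server's label dominates the file's.
    return bool(mode & 0o004) and dominates(server, file_label)

def can_put(server, file_label, mode):
    # Put: existing file is publicly writable and its label dominates the server's.
    return bool(mode & 0o002) and dominates(file_label, server)

def cross_label_channels(servers, files):
    """Return (path, writer, reader) for each file that one TFTP instance can put
    and another can get although the reader's label does not dominate the writer's."""
    found = []
    for path, (label, mode) in sorted(files.items()):
        for w in servers:
            for r in servers:
                if (w != r and can_put(w, label, mode)
                        and can_get(r, label, mode) and not dominates(r, w)):
                    found.append((path, w.name, r.name))
    return found

# Constructed sample data: one TFTP instance per security label.
SECRET = Label("SECRET", 2, frozenset({"A"}))
PUBLIC = Label("PUBLIC", 1)
SYSMULTI = Label("SYSMULTI")
SERVERS = [SECRET, PUBLIC]
FILES = {
    "/tftpboot/boot.img": (PUBLIC, 0o644),      # readable only
    "/tftpboot/upload.cfg": (PUBLIC, 0o666),    # writable, single label
    "/tftpboot/shared.dat": (SYSMULTI, 0o666),  # writable and SYSMULTI
}

if __name__ == "__main__":
    for path, writer, reader in cross_label_channels(SERVERS, FILES):
        print(f"{path}: {writer} instance can put, {reader} instance can get")
```

Only the publicly writable SYSMULTI file is reported; the publicly writable PUBLIC file passes data only to an instance whose label dominates PUBLIC.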