Subject: Re: tftpd: writing files with relative pathnames?
To: der Mouse <mouse@Rodents.Montreal.QC.CA>
From: Michael K. Sanders <>
List: current-users
Date: 10/27/1998 12:02:12
In message <199810271501.KAA20533@Twig.Rodents.Montreal.QC.CA>, der Mouse write
>>>         if (mode != RRQ || !strncmp(filename, "../", 3))
>>>             return (EACCESS);
>Actually, it should be corrected by adding a note like "File names
>beginning with `../' are also disallowed except for read requests".

But that's only part of what the code does.  ANY write request for a 
file name that does not begin with the '/' character is disallowed,
including a plain filename with no directory components at all.

This is why I brought this up in the first place.  That behavior is
not in the FreeBSD tftpd, and I don't understand why it was added.
Presumably there's a good explanation, but it should be documented
correctly in the man page at least.