Subject: Re: tftpd: writing files with relative pathnames?
To: Michael K. Sanders <firstname.lastname@example.org>
From: Jan B. Koum <email@example.com>
Date: 10/27/1998 12:44:51
On Tue, Oct 27, 1998 at 12:02:12PM -0700, "Michael K. Sanders" <firstname.lastname@example.org> wrote:
> In message <199810271501.KAA20533@Twig.Rodents.Montreal.QC.CA>, der Mouse write
> >>> if (mode != RRQ || !strncmp(filename, "../", 3))
> >>> return (EACCESS);
> >Actually, it should be corrected by adding a note like "File names
> >beginning with `../' are also disallowed except for read requests".
> But that's only part of what the code does. ANY write request for a
> file name that does not begin with the '/' character is disallowed,
> including a plain filename with no directory components at all.
> This is why I brought this up in the first place. That behavior is
> not in the FreeBSD tftpd, and I don't understand why it was added.
> Presumably there's a good explanation, but it should be documented
> correctly in the man page at least.
Are you sure it is not in FreBSD? I see:
if (!strncmp(filename, "../", 3))
around line 417 of /usr/src/libexec/tftpd/tftpd.c on 2.2.7-STABLE
Maybe you are using an older version?