Subject: Re: tftpd: writing files with relative pathnames?
To: Michael K. Sanders <>
From: Jan B. Koum <>
List: current-users
Date: 10/27/1998 12:44:51
On Tue, Oct 27, 1998 at 12:02:12PM -0700, "Michael K. Sanders" <> wrote:
> In message <199810271501.KAA20533@Twig.Rodents.Montreal.QC.CA>, der Mouse write
> s:
> >>>         if (mode != RRQ || !strncmp(filename, "../", 3))
> >>>             return (EACCESS);
> >
> >Actually, it should be corrected by adding a note like "File names
> >beginning with `../' are also disallowed except for read requests".
> But that's only part of what the code does.  ANY write request for a 
> file name that does not begin with the '/' character is disallowed,
> including a plain filename with no directory components at all.
> This is why I brought this up in the first place.  That behavior is
> not in the FreeBSD tftpd, and I don't understand why it was added.
> Presumably there's a good explanation, but it should be documented
> correctly in the man page at least.

	Are you sure it is not in FreBSD? I see:

                if (!strncmp(filename, "../", 3))
                        return (EACCESS);

	around line 417 of /usr/src/libexec/tftpd/tftpd.c on 2.2.7-STABLE
	Maybe you are using an older version?

-- Yan