Subject: Re: tftpd: writing files with relative pathnames?
To: Michael K. Sanders <msanders@confusion.net>
From: Jan B. Koum <jkb@best.com>
List: current-users
Date: 10/27/1998 12:44:51
On Tue, Oct 27, 1998 at 12:02:12PM -0700, "Michael K. Sanders" <msanders@confusion.net> wrote:
> In message <199810271501.KAA20533@Twig.Rodents.Montreal.QC.CA>, der Mouse writes:
> >>> if (mode != RRQ || !strncmp(filename, "../", 3))
> >>> return (EACCESS);
> >
> >Actually, it should be corrected by adding a note like "File names
> >beginning with `../' are also disallowed except for read requests".
>
> But that's only part of what the code does. ANY write request for a
> file name that does not begin with the '/' character is disallowed,
> including a plain filename with no directory components at all.
>
> This is why I brought this up in the first place. That behavior is
> not in the FreeBSD tftpd, and I don't understand why it was added.
> Presumably there's a good explanation, but it should be documented
> correctly in the man page at least.
>
Are you sure it is not in FreeBSD? I see:

    if (!strncmp(filename, "../", 3))
        return (EACCESS);

around line 417 of /usr/src/libexec/tftpd/tftpd.c on 2.2.7-STABLE
Maybe you are using an older version?
-- Yan
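
Added example, not part of the original message or of either tftpd source tree: the two conditions quoted in this thread, run side by side over constructed file names, next to a component-wise ".." check for comparison. The constant names, the function names and the assumption that the first condition sits in a branch reached only for names not beginning with '/' (as described in the quoted message) are illustrative.

```c
#include <stdio.h>
#include <string.h>

/* Local stand-ins for the tftpd constants named in the thread. */
enum { OP_RRQ = 1, OP_WRQ = 2 };
enum { ACCESS_OK = 0, ACCESS_DENIED = 2 /* EACCESS */ };

/* First condition quoted in the thread. Assumption: it is only reached
 * for names that do not begin with '/'. */
static int check_quoted_first(int mode, const char *filename)
{
    if (*filename != '/' &&
        (mode != OP_RRQ || !strncmp(filename, "../", 3)))
        return ACCESS_DENIED;
    return ACCESS_OK;
}

/* Second condition, as quoted from FreeBSD 2.2.7-STABLE in the reply. */
static int check_quoted_second(const char *filename)
{
    if (!strncmp(filename, "../", 3))
        return ACCESS_DENIED;
    return ACCESS_OK;
}

/* Hypothetical stricter test: is ".." present as any path component? */
static int has_dotdot_component(const char *filename)
{
    const char *p = filename;
    while (*p) {
        size_t n = strcspn(p, "/");      /* length of this component */
        if (n == 2 && p[0] == '.' && p[1] == '.')
            return 1;
        p += n;
        if (*p == '/')
            p++;
    }
    return 0;
}

int main(void)
{
    /* Constructed sample names, all treated as write requests. */
    const char *names[] = { "boot.img", "pub/boot.img", "../boot.img",
                            "pub/../../boot.img", "/tftpboot/boot.img" };
    for (size_t i = 0; i < sizeof names / sizeof *names; i++)
        printf("%-20s first=%d second=%d dotdot=%d\n", names[i],
               check_quoted_first(OP_WRQ, names[i]),
               check_quoted_second(names[i]), has_dotdot_component(names[i]));
    return 0;
}
```

The first condition denies every relative write, including a plain "boot.img"; the second tests only the first three characters of the name.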