Subject: Re: tftpd: writing files with relative pathnames?
To: Michael K. Sanders <>
From: Andrew Gillham <>
List: current-users
Date: 10/27/1998 16:46:10
Michael K. Sanders writes:
> But that's only part of what the code does.  ANY write request for a 
> file name that does not begin with the '/' character is disallowed,
> including a plain filename with no directory components at all.
> This is why I brought this up in the first place.  That behavior is
> not in the FreeBSD tftpd, and I don't understand why it was added.
> Presumably there's a good explanation, but it should be documented
> correctly in the man page at least.

IMHO, this is just plain wrong for the '-s /tftpboot' case.  The
whole point of specifying a '-s' is that that directory is chroot'ed.
Once it is chroot'ed, how is is possible for the '../' whatever type
exploits to be used?  A sun can't be netbooted with an  unpatched
tftpd, as the PROM requests a file like this: "AC100101.SUN4M", which
causes an access violation.

Andrew Gillham                            | This space left blank                     | inadvertently.
I speak for myself, not for my employer.  | Contact the publisher.