Subject: Re: tftpd: writing files with relative pathnames?
To: Andrew Gillham <>
From: Andrew Gillham <>
List: current-users
Date: 10/27/1998 18:29:21
Andrew Gillham writes:
> IMHO, this is just plain wrong for the '-s /tftpboot' case.  The
> whole point of specifying a '-s' is that that directory is chroot'ed.
> Once it is chroot'ed, how is it possible for the '../' whatever type
> exploits to be used?  A Sun can't be netbooted with an unpatched
> tftpd, as the PROM requests a file like this: "AC100101.SUN4M", which
> causes an access violation.

Sorry, I was confused.  The check for '/' is only in the write case,
so the Sun PROM netboot is not affected.  Regardless, the check for
a leading '/' seems incorrect when already chroot'ed.

Andrew Gillham                            | This space left blank
                                          | inadvertently.
I speak for myself, not for my employer.  | Contact the publisher.
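
Added example, not part of the original message or of the tftpd source: a simplified Python model of how path lookup treats a leading '/' and '..' for a process chroot'ed to /tftpboot, the case discussed above. The function names, the symlink-free model and the sample requests are assumptions made for illustration.

```python
# Simplified model of path lookup for a chroot'ed process (symlinks ignored).
# All directories and request names below are constructed sample values.

def _parts(p):
    return [c for c in p.split("/") if c]

def resolve(path, root, cwd):
    """Return the host path a lookup of `path` reaches.

    root: process root directory set by chroot(2), as a host path
    cwd:  process working directory, as a host path
    """
    root_parts = _parts(root)
    # An absolute path starts at the process root, not at the host root.
    cur = list(root_parts) if path.startswith("/") else _parts(cwd)
    for comp in _parts(path):
        if comp == ".":
            continue
        if comp == "..":
            # ".." is ignored only when the lookup sits exactly at the
            # process root; anywhere else it moves one level up.
            if cur and cur != root_parts:
                cur.pop()
        else:
            cur.append(comp)
    return "/" + "/".join(cur)

def inside(real, root):
    """True when the host path `real` lies within `root`."""
    root = root.rstrip("/")
    return real == root or real.startswith(root + "/")

JAIL = "/tftpboot"
REQUESTS = ["AC100101.SUN4M", "/AC100101.SUN4M",
            "../../etc/passwd", "/../etc/passwd"]

def report(cwd):
    """Map each sample request to (host path, stays inside JAIL)."""
    out = {}
    for r in REQUESTS:
        real = resolve(r, JAIL, cwd)
        out[r] = (real, inside(real, JAIL))
    return out

if __name__ == "__main__":
    # chroot("/tftpboot") followed by chdir("/"): cwd is inside the new root.
    for name, res in report(JAIL).items():
        print("cwd in jail :", name, "->", res)
    # chroot("/tftpboot") without chdir: cwd is still the host "/".
    for name, res in report("/").items():
        print("cwd outside :", name, "->", res)
```

In this model every request stays under /tftpboot when the working directory is inside the new root; when the working directory was left outside it, the relative names are the ones that land outside, while the names with a leading '/' still start at the new root.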