Subject: Re: tftpd: writing files with relative pathnames?
To: Andrew Gillham <gillhaa@ghost.whirlpool.com>
From: Andrew Gillham <gillhaa@ghost.whirlpool.com>
List: current-users
Date: 10/27/1998 18:29:21
Andrew Gillham writes:
> 
> IMHO, this is just plain wrong for the '-s /tftpboot' case.  The
> whole point of specifying a '-s' is that that directory is chroot'ed.
> Once it is chroot'ed, how is is possible for the '../' whatever type
> exploits to be used?  A sun can't be netbooted with an  unpatched
> tftpd, as the PROM requests a file like this: "AC100101.SUN4M", which
> causes an access violation.

Sorry, I was confused.  The check for '/' is only in the write case,
so the sun prom netboot is not affected.  Regardless the check for
a leading '/' seems incorrect when already chroot'ed.

-Andrew
-- 
-----------------------------------------------------------------
Andrew Gillham                            | This space left blank
gillham@whirlpool.com                     | inadvertently.
I speak for myself, not for my employer.  | Contact the publisher.