Subject: bin/4637 - tftpd "secure" variable is irrelevant
To: None <gcw@pobox.com, gnats-bugs@netbsd.org, current-users@netbsd.org>
From: Alexis Rosen <alexis@panix.com>
List: current-users
Date: 01/30/1999 15:40:14

gcw@pobox.com (Geoff Wing) wrote:
> This patch shouldn't go in as is.  It should _definitely_ check the
> ``secure'' variable before allowing writes of this nature.  There's
> been discussion about this before.

Checking "secure" would be pointless. If it's set, the chroot will have
already been done, and "/" will mean the top level of the chroot. There's
nothing wrong with this. Furthermore, you *still* have to pass access checks:
there must be a file of the same name in the chroot / that's world-writeable.

Looked at another way, any stricture you impose would be obviated simply
by the user asking to write to "/filename" instead of "filename". That's
not useful security.

/a
---
Alexis Rosen   Owner/Sysadmin,
PANIX Public Access Unix & Internet, NYC.
alexis@panix.com
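
The access rule described in the message above, as an added C sketch that is not part of the original message and is not tftpd source: a write is allowed only to a file that already exists and is world-writeable, and "/filename" and "filename" get the same verdict. The names `write_allowed` and `check_case`, the file `boot.img` and the temporary directory are assumptions; a directory descriptor stands in for the chroot so the code runs unprivileged.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper, not tftpd source. root_fd stands in for the chroot
 * directory so the sketch runs without privileges. */
int write_allowed(int root_fd, const char *name)
{
    struct stat st;
    int fd, ok;
    while (*name == '/')      /* inside the chroot, "/name" and "name" are the same file */
        name++;
    if (*name == '\0' || strstr(name, "..") != NULL)
        return 0;             /* assumption: no real chroot here, so refuse any ".." */
    /* No O_CREAT: the file must already exist. O_NOFOLLOW is an assumption
     * of this simulation, since a symlink could leave the stand-in root. */
    fd = openat(root_fd, name, O_WRONLY | O_NOFOLLOW);
    if (fd < 0)
        return 0;
    ok = fstat(fd, &st) == 0 && (st.st_mode & S_IWOTH) != 0;  /* world-writeable? */
    close(fd);
    return ok;
}

/* Constructed fixture: a temp directory holding one file "boot.img" with the
 * given mode; returns the verdict for `request`, or -1 on setup failure. */
int check_case(mode_t mode, const char *request)
{
    char dir[] = "/tmp/tftproot.XXXXXX";
    int root_fd, fd, verdict;
    if (mkdtemp(dir) == NULL || (root_fd = open(dir, O_RDONLY | O_DIRECTORY)) < 0)
        return -1;
    fd = openat(root_fd, "boot.img", O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd < 0 || fchmod(fd, mode) != 0)   /* fchmod sidesteps the umask */
        return -1;
    close(fd);
    verdict = write_allowed(root_fd, request);
    unlinkat(root_fd, "boot.img", 0);
    close(root_fd);
    rmdir(dir);
    return verdict;
}

int main(void)
{
    printf("0666 name:%d /name:%d  0644 /name:%d\n", check_case(0666, "boot.img"),
           check_case(0666, "/boot.img"), check_case(0644, "/boot.img"));
    return 0;
}
```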