Re: bin/43164: tftpd: file upload broken

To: gnats-admin%netbsd.org@localhost,netbsd-bugs%netbsd.org@localhost,hubertf%NetBSD.org@localhost
Subject: Re: bin/43164: tftpd: file upload broken
From: Takahiro Kambe <taca%back-street.net@localhost>
Date: Fri, 16 Apr 2010 06:25:02 +0000 (UTC)

The following reply was made to PR bin/43164; it has been noted by GNATS.

From: Takahiro Kambe <taca%back-street.net@localhost>
To: hubert%feyrer.de@localhost
Cc: gnats-bugs%NetBSD.org@localhost
Subject: Re: bin/43164: tftpd: file upload broken
Date: Fri, 16 Apr 2010 15:23:22 +0900 (JST)

 In message <alpine.DEB.1.10.1004160808000.21020%calanda.fehu.org@localhost>
        on Fri, 16 Apr 2010 08:08:38 +0200 (CEST),
        Hubert Feyrer <hubert%feyrer.de@localhost> wrote:
 > On Fri, 16 Apr 2010, Takahiro Kambe wrote:
 >> Do you expect to tftpd creating a new file?
 > 
 > When I do "put foo" yes of course I expect it to create a new file
 > "foo".
 Quote from tftpd(8):
 
      The use of tftp(1) does not require an account or password on the remote
      system.  Due to the lack of authentication information, tftpd will allow
      only publicly readable files to be accessed.  Filenames beginning in
      ``../'' or containing ``/../'' are not allowed.  Files may be written to
      only if they already exist and are publicly writable.
 
 It is the specification of tftpd(8) since 4.2BSD.
 
 > That's also what I see from other tftpd implementaitons.
 If you really want to allow tftpd(8) to creating a new file, it should
 be provided as "--insecure" option and not be allowed default.
 
 -- 
 Takahiro Kambe <taca%back-street.net@localhost>

Prev by Date: Re: bin/43164: tftpd: file upload broken
Next by Date: Re: bin/43164 (tftpd: file upload broken)
Previous by Thread: Re: bin/43164: tftpd: file upload broken
Next by Thread: kern/43167: Locking related panic in tmpfs
Indexes:

Home | Main Index | Thread Index | Old Index