Date: Sun, 26 Feb 1995 21:55:17 -0800 From: Paul Traina <pst@Shockwave.COM> To: "Jordan K. Hubbard" <jkh@FreeBSD.org> Cc: security@FreeBSD.org Subject: Re: cvs commit: src/libexec/tftpd tftpd.c Message-ID: <199502270555.VAA02364@precipice.Shockwave.COM> In-Reply-To: Your message of "Sun, 26 Feb 1995 15:28:02 PST." <199502262328.PAA02820@time.cdrom.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Jordan, this is a dangerous change. Please back it out until
you also fix the "../" test so that it checks for ".." anywhere in the path.
Paul
From: "Jordan K. Hubbard" <jkh@freebsd.org>
Subject: cvs commit: src/libexec/tftpd tftpd.c
jkh 95/02/26 15:28:01
Modified: libexec/tftpd tftpd.c
Log:
I think the security check to invalidate ALL write requests was just a litt
>>le
excessive, and violates the specification defined in the manpage to boot.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199502270555.VAA02364>