From owner-freebsd-security  Sun Feb 26 21:56:42 1995
Return-Path: security-owner
Received: (from majordom@localhost) by freefall.cdrom.com (8.6.9/8.6.6) id VAA00415 for security-outgoing; Sun, 26 Feb 1995 21:56:42 -0800
Received: from precipice.Shockwave.COM (precipice.shockwave.com [171.69.108.33]) by freefall.cdrom.com (8.6.9/8.6.6) with ESMTP id VAA00402; Sun, 26 Feb 1995 21:56:36 -0800
Received: from localhost (localhost [127.0.0.1]) by precipice.Shockwave.COM (8.6.10/8.6.9) with SMTP id VAA02364; Sun, 26 Feb 1995 21:55:17 -0800
Message-Id: <199502270555.VAA02364@precipice.Shockwave.COM>
To: "Jordan K. Hubbard" <jkh@FreeBSD.org>
cc: security@FreeBSD.org
Subject: Re: cvs commit: src/libexec/tftpd tftpd.c 
In-reply-to: Your message of "Sun, 26 Feb 1995 15:28:02 PST."
             <199502262328.PAA02820@time.cdrom.com> 
Date: Sun, 26 Feb 1995 21:55:17 -0800
From: Paul Traina <pst@Shockwave.COM>
Sender: security-owner@FreeBSD.org
Precedence: bulk

Jordan, this is a dangerous change.  Please back it out until
you also fix the "../" test so that it checks for ".." anywhere in the path.

Paul


  From: "Jordan K. Hubbard" <jkh@freebsd.org>
  Subject: cvs commit: src/libexec/tftpd tftpd.c
  jkh         95/02/26 15:28:01
  
    Modified:    libexec/tftpd tftpd.c
    Log:
    I think the security check to invalidate ALL write requests was just a litt
>>le
    excessive, and violates the specification defined in the manpage to boot.