From owner-freebsd-security Sun Feb 26 21:56:42 1995 Return-Path: security-owner Received: (from majordom@localhost) by freefall.cdrom.com (8.6.9/8.6.6) id VAA00415 for security-outgoing; Sun, 26 Feb 1995 21:56:42 -0800 Received: from precipice.Shockwave.COM (precipice.shockwave.com [171.69.108.33]) by freefall.cdrom.com (8.6.9/8.6.6) with ESMTP id VAA00402; Sun, 26 Feb 1995 21:56:36 -0800 Received: from localhost (localhost [127.0.0.1]) by precipice.Shockwave.COM (8.6.10/8.6.9) with SMTP id VAA02364; Sun, 26 Feb 1995 21:55:17 -0800 Message-Id: <199502270555.VAA02364@precipice.Shockwave.COM> To: "Jordan K. Hubbard" cc: security@FreeBSD.org Subject: Re: cvs commit: src/libexec/tftpd tftpd.c In-reply-to: Your message of "Sun, 26 Feb 1995 15:28:02 PST." <199502262328.PAA02820@time.cdrom.com> Date: Sun, 26 Feb 1995 21:55:17 -0800 From: Paul Traina Sender: security-owner@FreeBSD.org Precedence: bulk Jordan, this is a dangerous change. Please back it out until you also fix the "../" test so that it checks for ".." anywhere in the path. Paul From: "Jordan K. Hubbard" Subject: cvs commit: src/libexec/tftpd tftpd.c jkh 95/02/26 15:28:01 Modified: libexec/tftpd tftpd.c Log: I think the security check to invalidate ALL write requests was just a litt >>le excessive, and violates the specification defined in the manpage to boot.