d/freebsd-dev
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
d89aca7618
freebsd-dev/libexec
History
Alan Somers d89aca7618 tftpd: Verify world-writability for WRQ when using relative paths 
tftpd(8) says that files may only be written if they already exist and are
publicly writable.  tftpd.c verifies that a file is publicly writable if it
uses an absolute pathname.  However, if the pathname is relative, that check
is skipped.  Fix it.

Note that this is not a security vulnerability, because the transfer
ultimately doesn't work unless the file already exists and is owned by user
nobody.  Also, this bug does not affect the default configuration, because
the default uses the "-s" option which makes all pathnames absolute.

PR:		226004
MFC after:	3 weeks
2018-03-10 01:35:26 +00:00
..
atf DIRDEPS_BUILD: Update dependencies. 2017-10-31 00:07:04 +00:00
atrun libexec: adoption of SPDX licensing ID tags. 2017-11-27 15:25:02 +00:00
blacklistd-helper DIRDEPS_BUILD: Connect new directories and update dependencies. 2016-06-03 19:25:30 +00:00
bootpd libexec: adoption of SPDX licensing ID tags. 2017-11-27 15:25:02 +00:00
comsat General further adoption of SPDX licensing ID tags. 2017-11-20 19:49:47 +00:00
dma Replace send-mail with the more standarized sendmail, we do not create 2017-12-27 06:23:50 +00:00
fingerd General further adoption of SPDX licensing ID tags. 2017-11-20 19:49:47 +00:00
ftpd Use strlcpy(). 2017-12-05 07:21:47 +00:00
getty .Xr pstat(8), so that people have a chance to learn how to get a list 2018-03-02 14:16:19 +00:00
hyperv hyperv: Add VF bringup scripts and devd rules. 2017-07-31 07:18:15 +00:00
mail.local DIRDEPS_BUILD: Update dependencies. 2017-10-31 00:07:04 +00:00
makewhatis.local Deorbit catman. The tradeoff of disk for performance has long since tipped 2017-09-13 16:35:16 +00:00
mknetid General further adoption of SPDX licensing ID tags. 2017-11-20 19:49:47 +00:00
pppoed libexec: adoption of SPDX licensing ID tags. 2017-11-27 15:25:02 +00:00
rbootd General further adoption of SPDX licensing ID tags. 2017-11-20 19:49:47 +00:00
revnetgroup General further adoption of SPDX licensing ID tags. 2017-11-20 19:49:47 +00:00
rpc.rquotad DIRDEPS_BUILD: Update dependencies. 2017-10-31 00:07:04 +00:00
rpc.rstatd General further adoption of SPDX licensing ID tags. 2017-11-20 19:49:47 +00:00
rpc.rusersd General further adoption of SPDX licensing ID tags. 2017-11-20 19:49:47 +00:00
rpc.rwalld libexec: adoption of SPDX licensing ID tags. 2017-11-27 15:25:02 +00:00
rpc.sprayd rpc.sprayd: raise WARNS to 6 2018-03-05 16:11:07 +00:00
rtld-aout libexec: adoption of SPDX licensing ID tags. 2017-11-27 15:25:02 +00:00
rtld-elf Make rtld_bind_start() debugger friendly. 2018-02-27 15:35:11 +00:00
save-entropy libexec: adoption of SPDX licensing ID tags. 2017-11-27 15:25:02 +00:00
smrsh DIRDEPS_BUILD: Update dependencies. 2017-10-31 00:07:04 +00:00
talkd libexec: adoption of SPDX licensing ID tags. 2017-11-27 15:25:02 +00:00
tcpd DIRDEPS_BUILD: Update dependencies. 2017-10-31 00:07:04 +00:00
telnetd DIRDEPS_BUILD: Update dependencies. 2017-10-31 00:07:04 +00:00
tests Merge ^/user/ngie/release-pkg-fix-tests to unbreak how test files are installed 2016-05-04 23:20:53 +00:00
tftp-proxy DIRDEPS_BUILD: Update dependencies. 2017-10-31 00:07:04 +00:00
tftpd tftpd: Verify world-writability for WRQ when using relative paths 2018-03-10 01:35:26 +00:00
ulog-helper libexec: adoption of SPDX licensing ID tags. 2017-11-27 15:25:02 +00:00
ypxfr spdx: initial adoption of licensing ID tags. 2017-11-18 14:26:50 +00:00
Makefile Remove rcmds. 2017-10-06 08:43:14 +00:00
Makefile.amd64 HYPERV isn't available on all architectures, but just on by default 2014-10-16 00:33:06 +00:00
Makefile.i386 HYPERV isn't available on all architectures, but just on by default 2014-10-16 00:33:06 +00:00
Makefile.inc