terryl@tekchips.UUCP () (10/23/84)
There is a bug in the way ftp validates pathnames for the "get" command. In the file ftp.c, in the routine recvrequest(), the code looks something like this:

    if (strcmp(local, "-") && *local != '|')
        if (access(local, 2) < 0) {
            char *dir = rindex(local, '/');

            if (dir != NULL)
                *dir = 0;
            /* WRONG!! */ if (access(dir ? dir : ".", 2) < 0) {
                perror(local);
                goto bad;
            }
            if (dir != NULL)
                *dir = '/';
        }

First ftp tries to see if the user has write access to the full pathname; if not, then ftp tries to see if the user has write access to the directory the file will go in. It is this test that is done wrong; as one can see from the above code, if the pathname has at least one '/' in it, then the last '/' is zero'd out to get the directory component of the name. But it passes a pointer to this zero'd out portion of the pathname to access() to validate the user has write access to the directory, essentially a null pathname. A null pathname refers to the current directory under 4.2.

Now, if the user is in a directory that he does not have write permission to, AND he does not have write permission to the file he is trying to transfer (or more commonly, the file does not exist yet), then ftp will report "Permission denied.", even though he may have write permission to the target directory and the file really doesn't exist yet.

To fix this, change the line marked /* WRONG!! */ to below:

    if (access(dir ? local : ".", 2) < 0) {

and everything should be hunky-dory.

It looks like this bug has been in there for quite a while. The 4.2 release we have is dated 7/26/83 version 4.11; we have sources going back to 2/25/83 version 4.4, and they both have the same bug.

Terry Laskodi
of
Tektronix
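The directory check described above, as an added example that is not part of the original post or of the ftp sources: it shows which string each variant hands to access() for a given local name. The function checked_dir(), the variant names and the sample file names are hypothetical, strrchr() stands in for rindex(), and the ROOT_AWARE case goes beyond the post by covering a name such as "/file", where the posted one-line fix truncates the name to an empty string.

```c
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Which path does each variant hand to access() for a given local name?
 * The result is copied into out so the caller's string is left untouched. */
enum variant { ORIGINAL, POSTED_FIX, ROOT_AWARE };

static const char *checked_dir(const char *local, enum variant v,
                               char *out, size_t n)
{
    char buf[1024];
    char *dir;

    snprintf(buf, sizeof buf, "%s", local);
    dir = strrchr(buf, '/');          /* strrchr is the ANSI name for rindex */
    if (dir != NULL)
        *dir = 0;                     /* buf now ends where the directory ends */

    if (dir == NULL)
        snprintf(out, n, ".");        /* no '/': file goes in the current dir */
    else if (v == ORIGINAL)
        snprintf(out, n, "%s", dir);  /* points at the NUL just written: "" */
    else if (v == ROOT_AWARE && dir == buf)
        snprintf(out, n, "/");        /* "/file": the directory is the root */
    else
        snprintf(out, n, "%s", buf);  /* the truncated name, as in the fix */
    return out;
}

int main(void)
{
    /* Constructed sample names, not taken from the post. */
    const char *names[] = { "/tmp/incoming/report.txt", "report.txt",
                            "/report.txt" };
    const char *label[] = { "original", "posted fix", "root-aware" };
    char d[1024];

    for (int i = 0; i < 3; i++)
        for (int v = ORIGINAL; v <= ROOT_AWARE; v++) {
            checked_dir(names[i], (enum variant)v, d, sizeof d);
            printf("%-26s %-10s access(\"%s\", W_OK) = %d\n",
                   names[i], label[v], d, access(d, W_OK));
        }
    return 0;
}
```

On a current POSIX system access() on an empty path fails with ENOENT instead of testing the current directory, so the original variant reports -1 for every name that contains a '/'.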