Since tftp performs no
authentication, the tftpd
server will only allow the client to access publicly readable files. tftpd is almost always invoked with a
directory on the command line, in which case the client is restricted to files in that directory. When the client requests an
absolute filename (one beginning with /) the tftpd may either take it as it is, and refuse the request if the file is outside the tftp directory, or
prefix it with the name of the tftp directory. Which it does depends on the version of tftpd and the command-line options used - for example, on Linux systems the "-s" option will cause the second behaviour to be chosen.
Hewlett-Packard X terminals typically use tftp to download their software. They can also use NFS, but this is more difficult to make secure at the server end.