Since tftp performs no authentication
, the tftpd server
will only allow the client to access publicly readable files. tftpd is almost always invoked with a directory
on the command line, in which case the client is restricted to files in that directory. When the client requests an absolute
filename (one beginning with /) the tftpd may either take it as it is, and refuse the request if the file is outside the tftp directory, or prefix
it with the name of the tftp directory. Which it does depends on the version of tftpd and the command-line options used - for example, on Linux systems the "-s" option will cause the second behaviour to be chosen.
Hewlett-Packard X terminals typically use tftp to download their software. They can also use NFS, but this is more difficult to make secure at the server end.