Subject: Re: exporting -ro nfs
To: None <netbsd-users@NetBSD.org>
From: Pavel Cahyna <pavel@NetBSD.org>
List: netbsd-users
Date: 01/25/2007 21:07:27
On Thu, Jan 25, 2007 at 09:17:16AM -0800, Bill Studenmund wrote:
> The problem is that the NFS server code can't tell if a file handle
> corresponds to a file under a given mount point or not when you have
> multiple exposed mount points in one file system. So say you had one
> directory in an fs exposed read-write and another read-only. If an 
> attacker took a file handle from the r/o mount and used it via the r/w 
> mount point, the corresponding file can be modified even though the 
> initial layout would say it wouldn't.
> 
> Null mounts don't change this as the file-system-specific part of our file 
> handles are the same between a null mount and the underlying file system. 
> So given a file handle from the null mount, you can figure out the file 
> handle for the same file for the non-nullfs fs.

Could nullfs encrypt the filehandles of the underlying filesystem and use
those encrypted filehandles for NFS?

Pavel Cahyna