Subject: FH munging
To: None <tech-kern@NetBSD.ORG>
From: None <firstname.lastname@example.org>
Date: 03/24/1997 17:00:14
What are inode generation numbers for?
They serve two functions: (1) to permit proper ESTALE errors on clients
when appropriate and (2) to make file handles hard to guess de novo.
It might be worth noting that generation numbers were meant for (1) and
not (2). The latter is a recent hoax that, IMHO, does very little if
anything for security. Yea, I've seen what CERT says, but I don't buy it.
If the server will let the client have nfs access, then it has nfs access
and that's about all there is. (Even the "reserved port #" business does
very little, since it assumes that root on the client machine is secure.)
If FHs are hard to guess, then someone can just sniff one and go from there.
Personally, I think that perpetrating the impression that tricks like the
above make NFS safe is worse than just telling the truth (ie NFS just
ain't a secure protocol, by any stretch of the imagination:-). It's kind
of like someone putting a fancy lock on a door made of thin plywood with
glass panels in it.
Just my $0.00 worth, rick
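
Added example, not part of the original message and not NetBSD's code: a toy in-memory model of function (1), showing how a generation number stored in the file handle lets a server return ESTALE once an inode number has been freed or reused. The table layout and the names `fh_create`, `fh_remove` and `fh_read` are hypothetical.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>

#define NINODES 4

/* Toy inode slot: gen counts how many times this inode number was allocated. */
struct inode { uint32_t gen; int in_use; int data; };
/* Toy file handle: inode number plus the generation seen at issue time. */
struct fhandle { uint32_t ino; uint32_t gen; };

static struct inode itable[NINODES];

/* Return the live inode the handle names, or NULL if the handle is stale. */
static struct inode *fh_lookup(const struct fhandle *fh)
{
    if (fh->ino >= NINODES) return NULL;
    struct inode *ip = &itable[fh->ino];
    return (ip->in_use && ip->gen == fh->gen) ? ip : NULL;
}

/* Allocate the first free inode number and issue a handle for it. */
int fh_create(int data, struct fhandle *fh)
{
    for (uint32_t i = 0; i < NINODES; i++) {
        if (itable[i].in_use) continue;
        itable[i].in_use = 1;
        itable[i].gen++;              /* new incarnation of inode number i */
        itable[i].data = data;
        fh->ino = i;
        fh->gen = itable[i].gen;
        return 0;
    }
    return ENOSPC;
}

/* Free the inode; its number becomes available for reuse. */
int fh_remove(const struct fhandle *fh)
{
    struct inode *ip = fh_lookup(fh);
    if (ip == NULL) return ESTALE;
    ip->in_use = 0;
    return 0;
}

/* Read through a handle; ESTALE if the inode was freed or reused since issue. */
int fh_read(const struct fhandle *fh, int *out)
{
    struct inode *ip = fh_lookup(fh);
    if (ip == NULL) return ESTALE;
    *out = ip->data;
    return 0;
}
```

Without the generation comparison in `fh_lookup`, the old handle would silently resolve to whatever file later received the same inode number.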