Subject: Re: FH munging
To: None <rick@snowhite.cis.uoguelph.ca>
From: Perry E. Metzger <perry@piermont.com>
List: tech-kern
Date: 03/24/1997 18:48:39
rick@snowhite.cis.uoguelph.ca writes:
> Hi,
> 
>    What are inode generation numbers for?
>    
>    They serve two functions: (1) to permit proper ESTALE errors on clients
>    when appropriate and (2) to make file handles hard to guess de novo.
> 
> It might be worth noting that generation numbers were meant for (1) and
> not (2). The latter is a recent hoax that, IMHO, does very little if
> anything for security. Yea, I've seen what CERT says, but I don't buy it.

Well, it might be a hoax, but it's the only security NFS has. If you
can guess a handle, you don't even need to be on the list of clients
allowed to touch a machine's file systems.

> If FHs are hard to guess, then someone can just sniff one and go from there.

Well, yes, if they are in a position to sniff.

I do not disagree that NFS security is low, however, without random
generation numbers, it doesn't exist at all -- anyone on the internet
can grab your files.

It's all fine and well to say "Well, NFS is bad, so we should do
nothing at all for it", but there are real users out there who care
and don't like the "just @$(%*( 'em" attitude.

Perry
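
Added example, not part of the original message and not NetBSD's code: a toy C model of the two roles of the inode generation number discussed in this thread (stale-handle detection, and unpredictability when the number is random). The names `fh_alloc`, `fh_check`, `itable` and the two-field handle are assumptions made for illustration.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

#define NINODES 16

struct inode   { int in_use; uint32_t gen; };   /* toy inode */
struct fhandle { uint32_t ino; uint32_t gen; }; /* toy NFS file handle */

static struct inode itable[NINODES];
static int gen_random = 1; /* 0 = per-inode counter, 1 = random generation */

/* Read 32 bits from the kernel RNG; abort rather than fall back to a guessable value. */
static uint32_t rand32(void) {
    uint32_t v;
    FILE *f = fopen("/dev/urandom", "rb");
    if (f == NULL || fread(&v, sizeof v, 1, f) != 1) abort();
    fclose(f);
    return v;
}

/* Allocate inode `ino` and hand out a handle carrying its new generation. */
int fh_alloc(uint32_t ino, struct fhandle *fh) {
    if (ino >= NINODES || itable[ino].in_use) return EINVAL;
    uint32_t old = itable[ino].gen, g;
    if (gen_random) { do { g = rand32(); } while (g == old); } /* never reuse old */
    else g = old + 1;          /* counter mode: a fresh inode always gets 1 */
    itable[ino].in_use = 1;
    itable[ino].gen = g;
    fh->ino = ino; fh->gen = g;
    return 0;
}

void ino_free(uint32_t ino) { if (ino < NINODES) itable[ino].in_use = 0; }

/* Server-side check on every request: the handle must name a live inode
 * with the same generation, otherwise the client gets ESTALE. */
int fh_check(const struct fhandle *fh) {
    if (fh->ino >= NINODES) return ESTALE;
    const struct inode *ip = &itable[fh->ino];
    return (ip->in_use && ip->gen == fh->gen) ? 0 : ESTALE;
}

int main(void) {
    struct fhandle a, b;
    fh_alloc(3, &a); ino_free(3); fh_alloc(3, &b); /* inode 3 reused */
    printf("old handle: %d, new handle: %d\n", fh_check(&a), fh_check(&b));
    return 0;
}
```
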