rick@snowhite.cis.uoguelph.ca writes:
> Unless NetBSD dismantled it (and I doubt that), the restrictions specified
> in /etc/exports are pushed down into the kernel and are checked for every
> RPC request. (There was a fairly recently fixed bug in the code that did
> cause a problem in certain situations. I can't remember if it allowed a
> security breach or not.)
> 
> I don't know if the Linux nfs does this, but 4.4 BSD definitely did.

Cool. Of course, none of this prevents forged packet source
addresses. fsirand is still of use.

Perry