Subject: Re: FH munging
To: None <tech-kern@NetBSD.ORG>
From: der Mouse <mouse@Rodents.Montreal.QC.CA>
Date: 03/25/1997 21:19:38
>> What are inode generation numbers for?
>> They serve two functions: (1) to permit proper ESTALE errors on
>> clients when appropriate and (2) to make file handles hard to guess
>> de novo.
> It might be worth noting that generation numbers were meant for (1)
> and not (2).
True enough. (And, not surprisingly, they do (1) very well and (2)
> The latter is a recent hoax that, IMHO, does very little if anything
> for security.
In practice, I suspect you are right. Certainly where I work, any host
that can talk to our NFS server is also in a position to sniff
filehandles, and none of this provides any defense against anyone who
can sniff filehandles.
> If FHs are hard to guess, then someone can just sniff one and go from
Well, not quite. Hard-to-guess filehandles do provide some protection
against attackers who can talk to the nfsd but can't sniff traffic
to/from legitimate clients. And unless you firewall, or run a system
with a sane nfsd (which I suspect cuts out most current vendor OSes),
that's most of the net.
7D C8 61 52 5D E7 2D 39 4E F1 31 3E E8 B3 27 4B