Subject: Re: FH munging
To: None <tech-kern@NetBSD.ORG>
From: der Mouse <mouse@Rodents.Montreal.QC.CA>
List: tech-kern
Date: 03/26/1997 07:40:00
>>>    What are inode generation numbers for?  [(1)ESTALE, (2)guessing]
>> It might be worth noting that generation numbers were meant for (1)
>> and not (2). The latter is a recent hoax that, IMHO, does very
>> little if anything for security.
> Well, it might be a hoax, but it's the only security NFS has.  If you
> can guess a handle, you don't even need to be on the list of clients
> allowed to touch a machine's file systems.

Then the NFS server is critically broken.  (Granted, a lot of vendors'
NFS servers are broken in this way - this doesn't make it any less
broken.  This is one reason firewall vendors are doing such good
business.)

					der Mouse

			       mouse@rodents.montreal.qc.ca
		     7D C8 61 52 5D E7 2D 39  4E F1 31 3E E8 B3 27 4B