Subject: Re: FH munging
To: None <tech-kern@NetBSD.ORG>
From: der Mouse <mouse@Rodents.Montreal.QC.CA>
List: tech-kern
Date: 03/26/1997 07:40:00
>>>    What are inode generation numbers for?  [(1)ESTALE, (2)guessing]
>> It might be worth noting that generation numbers were meant for (1)
>> and not (2). The latter is a recent hoax that, IMHO, does very
>> little if anything for security.
> Well, it might be a hoax, but it's the only security NFS has.  If you
> can guess a handle, you don't even need to be on the list of clients
> allowed to touch a machine's file systems.

Then the NFS server is critically broken.  (Granted, a lot of vendors'
NFS servers are broken in this way - this doesn't make it any less
broken.  This is one reason firewall vendors are doing such good

					der Mouse

		     7D C8 61 52 5D E7 2D 39  4E F1 31 3E E8 B3 27 4B