Subject: None
To: None <tech-kern@NetBSD.ORG>
From: None <rick@snowhite.cis.uoguelph.ca>
List: tech-kern
Date: 03/26/1997 11:21:00
Hi,
Well, not quite. Hard-to-guess filehandles do provide some protection
against attackers who can talk to the nfsd but can't sniff traffic
to/from legitimate clients. And unless you firewall, or run a system
with a sane nfsd (which I suspect cuts out most current vendor OSes),
that's most of the net.
Yep, I'll agree with the above. (I probably went overboard on my last post,
but I get upset when people talk about this as if it solves NFS's security
problems.) I also don't think that, given its minimal effect, worrying about
a "good" FH munger is worth the effort, especially since BSD does enforce
host restrictions.
Have a good week, rick