Subject: None
To: None <tech-kern@NetBSD.ORG>
From: None <>
List: tech-kern
Date: 03/26/1997 11:21:00

   Well, not quite.  Hard-to-guess filehandles do provide some protection
   against attackers who can talk to the nfsd but can't sniff traffic
   to/from legitimate clients.  And unless you firewall, or run a system
   with a sane nfsd (which I suspect cuts out most current vendor OSes),
   that's most of the net.

Yep, I'll agree with the above. (I probably went overboard on my last post,
but I get upset when people talk about this as if it solves NFS's security
problems.) I also don't think that, given its minimal effect, worrying about
a "good" FH munger is worth the effort, especially since BSD does enforce
host restrictions.

Have a good week, rick