Subject: Re: FFS reliability problems
To: NetBSD Kernel Technical Discussion List <tech-kern@NetBSD.ORG>
From: David Laight <david@l8s.co.uk>
List: tech-kern
Date: 06/08/2002 09:19:20
On Sat, Jun 08, 2002 at 12:53:09AM -0400, Greg A. Woods wrote:
> > 
> > Even after the unlink, it might be possible for (say) NFS to
> > access the file by guessing a file handle (i.e. inode number and
> > use count)......
> 
> If you're using NFS and people are guessing your file handles then
> you've got even bigger problems on your hands than worrying about them
> accessing your temporary files (unless maybe the one in question is
> /etc/ptmp :-).
> 
> Don't use NFS anywhere near anything that has to be "that secure"!

I discovered the following about NFS (over UDP) a few years ago:

- if you export part of a filesystem you give access to all of it
- if you allow anyone access you allow everyone access
- if you allow anyone write access you allow everyone write access

When I was playing, guessing the NFS handle for the filesystem
root was trivial - inode 2, use count 1 (or similar).

I suspect (but haven't checked) that NFS/TCP does some of the security
checks on a per connection basis - rather than relying on the client
having gone via mountd.

	David

-- 
David Laight: david@l8s.co.uk