Subject: Re: nfs - export file
To: John Franklin <franklin@elfie.org>
From: Nathan J. Williams <nathanw@MIT.EDU>
List: tech-security
Date: 09/25/2001 14:16:35
John Franklin <franklin@elfie.org> writes:

> On Tue, Sep 25, 2001 at 12:10:47PM -0400, Nathan J. Williams wrote:
> > In reality, an attacker could access any of the exported filesystems
> > with options permitted by the least restrictive of the exports.
> > 
> > The NFSv2 spec is RFC 1094, NFSv3 is 1813, and I'm ignoring NFSv4
> > because it doesn't really exist in the market yet. The details are in
> > there.
> 
> Are you saying that the NFS export ID can't be and/or isn't encoded in
> the NFS filehandle?  Or the client IP (to prevent shared FHs?)  Or any
> other security token?  Say, hash the filehandle with a secret number
> held by the server, and include the last 4-8 bytes in the file handle?
> 
> It should be trivial to allow different options on NFS exported
> filesystems.

"A simple matter of programming". Got some patches?

I suspect that system designers look at the lack of security in NFS
(cleartext data, metadata, and handles; replayable handles;
client-specified userid, and so on) and simply decide not to bother
band-aiding it.

        - Nathan
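
The keyed-hash file handle proposed in the quoted text, sketched as an added example; it is not part of the original thread and not code from any NFS server. The handle layout (export ID, raw handle, 8-byte truncated HMAC-SHA256), the function names and all sample values are assumptions made for illustration.

```python
import hashlib
import hmac
import ipaddress
import struct

NFS3_FHSIZE = 64   # maximum NFSv3 file handle size (RFC 1813)
TAG_LEN = 8        # truncated MAC length, the "4-8 bytes" from the proposal


def _tag(secret: bytes, export_id: int, client_ip: str, raw_fh: bytes) -> bytes:
    """Keyed hash over export ID, client address and the server's raw handle."""
    ip = ipaddress.ip_address(client_ip).packed
    msg = struct.pack("!IB", export_id, len(ip)) + ip + raw_fh
    return hmac.new(secret, msg, hashlib.sha256).digest()[-TAG_LEN:]


def issue_handle(secret: bytes, export_id: int, client_ip: str, raw_fh: bytes) -> bytes:
    """Build export_id || raw_fh || tag; the client treats the result as opaque."""
    tag = _tag(secret, export_id, client_ip, raw_fh)
    handle = struct.pack("!I", export_id) + raw_fh + tag
    if len(handle) > NFS3_FHSIZE:
        raise ValueError("handle would exceed NFS3_FHSIZE")
    return handle


def verify_handle(secret: bytes, client_ip: str, handle: bytes):
    """Return (export_id, raw_fh) if the tag matches this client, else None."""
    if not 4 + TAG_LEN <= len(handle) <= NFS3_FHSIZE:
        return None
    export_id = struct.unpack("!I", handle[:4])[0]
    raw_fh, tag = handle[4:-TAG_LEN], handle[-TAG_LEN:]
    expected = _tag(secret, export_id, client_ip, raw_fh)
    if not hmac.compare_digest(tag, expected):
        return None
    return export_id, raw_fh


if __name__ == "__main__":
    # Constructed sample values: secret, export IDs, addresses and raw handle.
    secret = b"constructed-server-secret"
    raw = bytes(range(16))
    fh = issue_handle(secret, 1, "192.0.2.10", raw)
    print(verify_handle(secret, "192.0.2.10", fh))      # issuing client
    print(verify_handle(secret, "192.0.2.99", fh))      # different client address
    print(verify_handle(secret, "192.0.2.10", b"\x00\x00\x00\x02" + fh[4:]))  # export ID altered
```

The tag binds a handle to one export and one client address, but a handle presented again from the issuing address still verifies, so it leaves the cleartext and replayable-handle problems listed in the reply untouched.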