On Tue, Sep 25, 2001 at 12:10:47PM -0400, Nathan J. Williams wrote:
> In reality, an attacker could access any of the exported filesystems
> with options permitted by the least restrictive of the exports.
> 
> The NFSv2 spec is RFC 1094, NFSv3 is 1813, and I'm ignoring NFSv4
> because it doesn't really exist in the market yet. The details are in
> there.

Are you saying that the NFS export ID can't be and/or isn't encoded in
the NFS filehandle?  Or the client IP (to prevent shared FHs?)  Or any
other security token?  Say, hash the filehandle with a secret number
held by the server, and include the last 4-8 bytes in the file handle?

It should be trivial to allow different options on NFS exported
filesystems.

jf
-- 
John Franklin
franklin@elfie.org
ICBM: N37 12'54", W80 27'14" Z+2100'