Perry Metzger writes:

>BTW, I will point out that this still does nothing to defend yourself
>against guessed NFS file handles with forged addresses on them -- you
>need fsirand for that.

If you can forge an address that easily, fsirand doesn't help in
any environment I've ever worked in.   if you can forge an address
on the local subnet, you can  sniff a mount request going by on the
local
wire.


OK, so you work in environments where fsirand is necessary and
sufficient.  I work in environments where fsirand is **not sufficient**,
your assertions to the contrary notwithstanding.

Since fsirand is not sufficient, it's not even necessary.  On the
other hand, /etc/exports-style IP address ACLs with one or a handful
of entries *are* sufficient, though not strictly necessary.
I think that's true of many, if not most, academic sites.

Earlier, I wrote:

>There are other security schemes other than the specific one(s) you
>seem to have rather firmly in mind.  Some of them are even quite
>viable.  I don't think it makes sense for NetBSD to exclude them from
>consideration, just because they don't fit into your particular
>environment.

Which, it would seem, you haven't even read...