[119] in linux-security and linux-alert archive
NFS spoof tool
daemon@ATHENA.MIT.EDU (Olaf Kirch)
Sun Mar 12 12:12:45 1995
From: okir@monad.swb.de (Olaf Kirch)
To: linux-security@tarsier.cv.nrao.edu
Date: Sun, 12 Mar 1995 18:05:47 +0100 (MET)
Reply-To: linux-security@tarsier.cv.nrao.edu
Hello all,
I've had quite a number of requests for my sample NFS spoofing code.
I don't feel quite comfortable about releasing it to the general public
yet before everyone had their chance of upgrading.
However, I'm making it available to people on this list. Please don't
spread it around too much. The file is on linux.nrao.edu in
/pub/people/okir/private/bemyguest/nfspoof.c. The private directory is
not readable, so you have to cd through it blindly.
On a different issue: I'd like to conduct a little straw poll on making
NFS file handles more secure. I've thought about encrypting FHs using DES
or IDEA. Stuffing a checksum into the FH may not be that good, because
the server as it is stores a hashed path in the handle. With the current
concept, this allows for 27 or so nested directories not counting the root.
Storing a complete MD5 hash would reduce this to 11 levels. SHA takes up
20 bytes, so that would leave 7 levels. Any comments?
There's of course the question of US export law. I'd like to hear opinions
on this, too; but please send them to me in private email.
Regards,
Olaf
--
Olaf Kirch | --- o --- Nous sommes du soleil we love when we play
okir@monad.swb.de | / | \ sol.dhoop.naytheet.ah kin.ir.samse.qurax
