[94] in linux-security and linux-alert archive
Re: Yet another NFS hole
daemon@ATHENA.MIT.EDU (Olaf Kirch)
Fri Mar 10 10:06:57 1995
From: okir@monad.swb.de (Olaf Kirch)
To: linux-security@tarsier.cv.nrao.edu
Date: Fri, 10 Mar 1995 11:41:28 +0100 (MET)
Reply-To: linux-security@tarsier.cv.nrao.edu
Elias Levy wrote:
>
> I don't believe you need to keep track of clients with mounted file
> systems, just make the handles more random, but I'm no NFS expert so
> I'll shut up :)
The problem is, NFS does not let you change your randomization unless
you are absolutely sure no other machine currently has an NFS mount
from you. You can't even guarantee this at boot time. So, you must randomize
all fh's in the same way, now and forever.
One way to put this to work would be to use a single secret key with which
you encrypt all file handles. But once you've gone that far, you can also
throw in per-mount authentication :)
Olaf
--
Olaf Kirch | --- o --- Nous sommes du soleil we love when we play
okir@monad.swb.de | / | \ sol.dhoop.naytheet.ah kin.ir.samse.qurax
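
Added example, not part of the original message and not code from any NFS server: a sketch of the single-secret-key idea above, using a keyed MAC tag in place of encryption. It shows why the key has to stay the same across reboots. The field layout (fsid, inode, generation) and the HandleSealer name are assumptions; the 32-byte handle size is the NFSv2 one.

```python
import hashlib
import hmac
import struct

FHSIZE = 32                      # NFSv2 file handle size (RFC 1094)
_FIELDS = struct.Struct(">IQI")  # fsid, inode, generation: 16 bytes (assumed layout)
_TAGLEN = FHSIZE - _FIELDS.size  # remaining 16 bytes hold a truncated HMAC-SHA256 tag


class HandleSealer:
    """Hypothetical helper: the server's only state is the long-lived key."""

    def __init__(self, key: bytes):
        if len(key) < 16:
            raise ValueError("key too short")
        self._key = key

    def _tag(self, body: bytes) -> bytes:
        return hmac.new(self._key, body, hashlib.sha256).digest()[:_TAGLEN]

    def issue(self, fsid: int, inode: int, generation: int) -> bytes:
        body = _FIELDS.pack(fsid, inode, generation)
        return body + self._tag(body)

    def verify(self, fh: bytes):
        """Return (fsid, inode, generation), or None if the tag does not match."""
        if len(fh) != FHSIZE:
            return None
        body, tag = fh[:_FIELDS.size], fh[_FIELDS.size:]
        if not hmac.compare_digest(tag, self._tag(body)):
            return None
        return _FIELDS.unpack(body)


def demo():
    key = bytes(range(32))  # constructed key; a real one is random and kept on disk
    fh = HandleSealer(key).issue(fsid=1, inode=4711, generation=3)
    after_reboot = HandleSealer(key)   # same key reloaded: clients' old handles still work
    rekeyed = HandleSealer(bytes(32))  # key changed: every handle held by a client breaks
    guessed = _FIELDS.pack(1, 4712, 3) + bytes(_TAGLEN)  # handle made up without the key
    return {
        "after_reboot": after_reboot.verify(fh),
        "rekeyed": rekeyed.verify(fh),
        "guessed": after_reboot.verify(guessed),
    }


if __name__ == "__main__":
    print(demo())
```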