[97] in linux-security and linux-alert archive
Re: Yet another NFS hole
daemon@ATHENA.MIT.EDU (Thomas Koenig)
Fri Mar 10 14:58:48 1995
To: okir@monad.swb.de (Olaf Kirch)
Date: Fri, 10 Mar 1995 13:33:22 +0100 (MET)
In-Reply-To: <m0rn2MH-000KjCC@monad.swb.de> from "Olaf Kirch" at Mar 10, 95 11:55:48 am
From: Thomas.Koenig@ciw.uni-karlsruhe.de (Thomas Koenig)
Reply-To: linux-security@tarsier.cv.nrao.edu
>
> Thus spake thou, Alan Cox:
> >
> > SunOS was changed about 4.1.x to encrypt file handles. It doesn't
> > work very much better because you can spoof a host and issue
> > open requests easily, but it's better than nothing.
Do they actually trust the machinename field of the struct auth_unix?
ARGH - at least they could disregard that, and use the IP address
instead (not perfect, as we all know, but still better).
[...]
> Mount tracking turns out to be really ugly, BTW, because you have to
> track client state. Thomas' idea of limiting the number of mounts a
> client can have on the same directory is okay, but you still have to
> have a way to expire old mount records after a client crash.
I'd recommend expiring the oldest one. Chances are the client
crashed, anyway.
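
Added example, not part of the original message and not code from any NFS mount daemon: a sketch of the mount tracking discussed above, keyed on the request's peer IP address rather than the auth_unix machine name, with a cap per (client, directory) pair that expires the oldest record when it is reached. The names `mount_add`, `mount_oldest`, `MAX_RECORDS` and `MAX_PER_PAIR` and both limits are assumptions made for illustration.

```c
#include <stdint.h>
#include <string.h>

#define MAX_RECORDS  64  /* table size (assumed) */
#define MAX_PER_PAIR 2   /* records kept per (client, directory) pair (assumed) */

struct mount_rec {
    uint32_t client_ip;  /* peer address of the request, not the auth_unix machine name */
    char     dir[64];
    uint64_t seq;        /* insertion order, smaller is older; 0 marks a free slot */
};
static struct mount_rec table[MAX_RECORDS];
static uint64_t next_seq = 1;

/* Oldest live record for the pair, or NULL; *count gets the number of live records. */
struct mount_rec *mount_oldest(uint32_t ip, const char *dir, int *count)
{
    struct mount_rec *oldest = NULL;
    *count = 0;
    for (int i = 0; i < MAX_RECORDS; i++)
        if (table[i].seq && table[i].client_ip == ip && !strcmp(table[i].dir, dir)) {
            (*count)++;
            if (!oldest || table[i].seq < oldest->seq)
                oldest = &table[i];
        }
    return oldest;
}

/* Returns 0 if stored in a free slot, 1 if the pair's oldest record was
 * expired to make room, -1 if the path is too long or the table is full. */
int mount_add(uint32_t ip, const char *dir)
{
    int count;
    size_t len = strlen(dir);
    if (len >= sizeof table[0].dir)
        return -1;                          /* never truncate a path silently */
    struct mount_rec *slot = mount_oldest(ip, dir, &count);
    if (count < MAX_PER_PAIR) {             /* under the cap: take a free slot */
        slot = NULL;
        for (int i = 0; i < MAX_RECORDS && !slot; i++)
            if (!table[i].seq)
                slot = &table[i];
        if (!slot)
            return -1;
    }
    slot->client_ip = ip;                   /* at the cap this overwrites the oldest record */
    memcpy(slot->dir, dir, len + 1);
    slot->seq = next_seq++;
    return count >= MAX_PER_PAIR;
}
```

Because a crashed client never sends an unmount, its stale records are reclaimed the next time it mounts the same directory, and the table can hold at most `MAX_PER_PAIR` records per pair.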