Bugtraq mailing list archives
Re: NFS exporting
From: smb () research att com (smb () research att com)
Date: Thu, 14 Apr 94 09:30:43 EDT
Michael Neuman says: > > There are techniques you can exploit here that make hijacking an N FS > > partition or simply destroying it way too simple. > > Name a few Perry, that's what bugtraq is for... Generally alluding to > techniques is worthless. How about... Listening in on other people's transactions -- stealing or guessing file handles using aquired information. (BTW, fsirand is not exactly a cryptographic random number source.) Incidently, file handle structure isn't exactly random, either -- have a look at whats in them. fsirand doesn't give you cryptographyically-strong random numbers; however, an outsider isn't ``supposed'' to have even one sample from which to work. (If the outsider is eavesdropping, he or she can pick up the root file handle directly, so it doesn't matter much.) The seed for fsirand is a combination of the time (including the microseconds field) and the pid. If you know approximately when the file system was built, you can guess at it, but a fair number of guesses will be needed. I suspect that that approach is not feasible unless you have a very good guess about when fsirand was used. *However* -- through (I think) SunOS 4.1.1, there was a bug in the way the seed was calculated; the time of day was not used. Only the pid was used, which means that guessing could succeed. (My apologies for not being more explicit; I don't know how far I can go without violating our source license.) The whole file handle structure isn't random; however, it does include a 32-bit random field. (And that, of course, limits the number of guesses needed.)
Current thread:
- Re: NFS exporting, (continued)
- Re: NFS exporting Michael Neuman (Apr 13)
- Re: NFS exporting Perry E. Metzger (Apr 14)
- Re: NFS exporting Paul Graham (Apr 14)
- Re: NFS exporting Perry E. Metzger (Apr 15)
- Re: NFS exporting Perry E. Metzger (Apr 14)
- Re: NFS exporting Rob Quinn (Apr 14)
- Re: NFS exporting Perry E. Metzger (Apr 14)
- Re: NFS exporting Steve Simmons (Apr 14)
- Re: NFS exporting Perry E. Metzger (Apr 14)