Bugtraq mailing list archives
Re: NFS exporting
From: scs () lokkur dexter mi us (Steve Simmons)
Date: Thu, 14 Apr 1994 16:10:54 -0400 (EDT)
Steve Bellovin writes:
fsirand doesn't give you cryptographyically-strong random numbers; however, an outsider isn't ``supposed'' to have even one sample from which to work. (If the outsider is eavesdropping, he or she can pick up the root file handle directly, so it doesn't matter much.)
Hmmm...if I understand the attack correctly, all one need do is ask for random inode numbers until a directory entry is found. From there, once recursively extracts `..' until the top is found, and then you have the whole tree with names in short order.
Current thread:
- Re: NFS exporting, (continued)
- Re: NFS exporting Perry E. Metzger (Apr 14)
- Re: NFS exporting Paul Graham (Apr 14)
- Re: NFS exporting Perry E. Metzger (Apr 15)
- Re: NFS exporting Perry E. Metzger (Apr 14)
- Re: NFS exporting Rob Quinn (Apr 14)
- Re: NFS exporting Perry E. Metzger (Apr 14)
- Re: NFS exporting Steve Simmons (Apr 14)
- Re: NFS exporting Perry E. Metzger (Apr 14)