Bugtraq mailing list archives

Re: NFS exporting


From: scs () lokkur dexter mi us (Steve Simmons)
Date: Thu, 14 Apr 1994 16:10:54 -0400 (EDT)


Steve Bellovin writes:

fsirand doesn't give you cryptographically-strong random numbers;
however, an outsider isn't ``supposed'' to have even one sample from
which to work.  (If the outsider is eavesdropping, he or she can pick
up the root file handle directly, so it doesn't matter much.)

Hmmm...if I understand the attack correctly, all one need do is ask
for random inode numbers until a directory entry is found.  From there,
one recursively extracts `..' until the top is found, and then you
have the whole tree with names in short order.


