Date: Sat, 11 May 1996 21:00:00 +0200 (MET DST) From: Marc Binderberger <marc@sniff.franken.de> To: jmb@freefall.freebsd.org (Jonathan M. Bresler) Cc: freebsd-security@freebsd.org Subject: Re: NFS Message-ID: <199605111900.VAA02490@sniff.franken.de> In-Reply-To: <199605102143.OAA27441@freefall.freebsd.org> from "Jonathan M. Bresler" at May 10, 96 02:43:37 pm
next in thread | previous in thread | raw e-mail | index | archive | help
Hello, Jonathan M. Bresler wrote: > going towards root (cd ..) is my gues as to what he means by > "going down the tree from that directory" (envision a directory > tree with root at the bottom, where a tree's roots are ;) Never understood, why computer scientist use the term "tree" upside down. Why don't you start painting at the bottom of the paper? :-) Serious: > the users on the mahcine that mounts teh nfs exported directory > cannot cd .. *on my filesystem* from the exported directory. > (eg if i export /home/jmb/Papers/usenix from my machine to > yours, you will not be able to access /home/jmb/Papers) Really? As far as I remember the filehandle can be spoofed to access every file on the partition, not only files located in the exported part. Every client can do so with the appropriate patches. But I've never tried this with a FreeBSD box. For HPUX, Ultrix and OSF/1 it works. The only problem was to "guess" the inode of the "real root", because Ultrix and OSF/1 are doing some kind of fsirand when formatting the disk. HPUX is too trivial to be true and in most cases inode "2" was the root of the partition's filesystem. :-( To be _really_ sure there's no one who can steal some informations better export the whole partition - it's closer to reality. Regards, Marc -- Marc Binderberger 97076 Wuerzburg, Germany marc@sniff.franken.de Powered by FreeBSD ;-)
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199605111900.VAA02490>