Michael Neuman says: > > There are techniques you can exploit here that make hijacking an NFS > > partition or simply destroying it way too simple. > > Name a few Perry, that's what bugtraq is for... Generally alluding to > techniques is worthless. How about... Listening in on other people's transactions -- stealing or guessing file handles using aquired information. (BTW, fsirand is not exactly a cryptographic random number source.) Incidently, file handle structure isn't exactly random, either -- have a look at whats in them. Using forged packets (possibly source routed) to spoof mountd into handing you file handles which you then exploit. In systems using NIS (the Notoriously Insecure Service), you can spoof NIS packets in order to convince kernels that you have privs you don't have, or spoof it to convince NIS to hand you information you don't deserve. This is just what comes off the top of my head -- I'm sure I can come up with more. Opening up NFS or NIS to the net is asking for trouble. Perry