In message <9404140442.AA22725@Princeton.EDU>, Carl Corey writes: >Now, are we talking exporting writeable to everyone, or _any_ NFS exported >writeable partition? > Just NFS exported writable partition... The whole purpose of mountd is to give the client who mounts a filesystem a valid filehandle of the top directory of that filesystem...problem is you can send NFS requests directly to the nfsd and try to GUESS a file handle...at that point (nfsd) there is no authorization check... >is this exploitable? How would it be exploited? Is there a way to keep >people from exploiting it (besides not exporting it)? Well, thats what this discussion's been about so far :-) I THOUGHT secure RPC was secure...if it was using the algorithms correct, it should be....as it seems, a poor implementation blew this up... -Aggelos