Steve Bellovin writes: >fsirand doesn't give you cryptographyically-strong random numbers; >however, an outsider isn't ``supposed'' to have even one sample from >which to work. (If the outsider is eavesdropping, he or she can pick >up the root file handle directly, so it doesn't matter much.) Hmmm...if I understand the attack correctly, all one need do is ask for random inode numbers until a directory entry is found. From there, once recursively extracts `..' until the top is found, and then you have the whole tree with names in short order.