In message <9502050141.AA24245@sol.nstl.gov>, martha@sol.nstl.gov (Martha Lanatte) writes: > The nfsbug program guessed this file handle for my system, how do I protect > against someone using it, and how do I make use of this information? Umm, I *think* FH guessing is done by predicting inode values, and thus you can help guard against it by using a working fsirand(8), if you've got one. If someone can obtain a filehandle then they can try a replay attack to wander around the disk at will, unless your nfsd's do extra checking. NOTE: they may not even appear to have the disk mounted! > GUESSABLE FILE HANDLE 129.186.109.1: (7,6) ufs <0,2,907605096> > <0,2,907605096> > = < 00 00 07 06 00 00 00 01 00 0a 00 00 00 00 00 02 36 18 f4 68 00 0a 00 00 > 00 00 00 02 36 18 f4 68 > > > What filesystem on my machine does this relate to? Well, I guess that if it's a Sun then we're talking about /dev/sd0g. brw-r----- 1 root operator 7, 6 Oct 21 1993 /dev/sd0g > UID .. BUG: 129.186.109.1:<unknown> > > Is this the nobody - truncate - root bug? Yup. > I'm not too knowledgeable about NFS security, so any help would be > appreciated. :) I'm afraid it tends to be something of a joke. You should also look at replacing the portmapper with Wietse's one that doesn't do indirection, as otherwise there's a good chance that you can con it into mounting disks for you.. Chris -- Christopher Samuel Open Software Systems Group chris@rivers.dra.hmg.gb N-115, Defence Research Agency, St Andrews Road, Great Malvern, England, UK "To no man will we sell, or delay, or deny, right or justice" -- Magna Carta