Re: knfsd and system crashes

Felix Schroeter (felix@mamba.pond.sub.org)
Tue, 25 Nov 1997 19:09:05 +0100 (CET)


Hello!

In article <udl7ma9licq.fsf@tux.mit.edu> you write:
>Stefan Monnier <monnier+lists/linux/kernel/news/@TEQUILA.SYSTEMSZ.CS.YALE.EDU> writes:

>> But that's known, the question is: if you export /export (which is just a
>> subdir of the / partition), will the client be able to access /etc/passwd by
>> passing to the server the inode of /etc/passwd ?

>If /export and /etc are both on the root partition, yes: you know / is
>a directory with inode number 2, and can proceed from there. NFS is
>*not* secure; deal.

But THIS attack can be circumvented by using unguessable generation
numbers (with the usual assumptions necessary for NFS "security", i.e.
that file handles are not sniffed from the net). Even if a client knows
that / has inode number 2, he cannot know the generation number. And if
that mismatches, an error occurs and no access is granted.

Regards, Felix.
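
The generation check described in the message above, as an added example that is not part of the original post and is not knfsd code: a toy server honours a file handle only when both inode number and generation match. All names, the inode number 1234 and the use of /dev/urandom are assumptions of this sketch.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
/* Toy model, all names hypothetical: a handle is (inode number, generation). */
struct fhandle { uint32_t ino, gen; };
struct inode   { uint32_t ino, gen; const char *path; };
enum gen_policy { GEN_PREDICTABLE, GEN_RANDOM };
static struct inode table[2];

/* Generation for a new inode. The predictable policy always yields 0;
 * the random policy never does, so the two cases stay distinguishable. */
static uint32_t new_generation(enum gen_policy p)
{
    uint32_t g = 0;
    FILE *f;
    if (p == GEN_PREDICTABLE) return 0;
    if (!(f = fopen("/dev/urandom", "rb"))) abort();
    while (g == 0)
        if (fread(&g, sizeof g, 1, f) != 1) abort();
    fclose(f);
    return g;
}

static void mkfs(enum gen_policy p)
{
    table[0] = (struct inode){ 2, new_generation(p), "/" };          /* root inode */
    table[1] = (struct inode){ 1234, new_generation(p), "/export" }; /* constructed */
}

/* Server side: the handle is stale unless inode AND generation match. */
static int fh_to_inode(struct fhandle fh, const struct inode **out)
{
    for (size_t i = 0; i < sizeof table / sizeof table[0]; i++)
        if (table[i].ino == fh.ino && table[i].gen == fh.gen) { *out = &table[i]; return 0; }
    return -ESTALE;
}

/* Client-built handle for "/": inode 2 is known, the generation is guessed as 0. */
static int guessed_root_lookup(enum gen_policy p)
{
    const struct inode *in;
    mkfs(p);
    return fh_to_inode((struct fhandle){ 2, 0 }, &in);
}

int main(void)
{
    printf("predictable: %d, random: %d\n", guessed_root_lookup(GEN_PREDICTABLE), guessed_root_lookup(GEN_RANDOM));
    return 0;
}
```

A handle the server issued itself still resolves under the random policy; only the client-constructed one comes back as -ESTALE.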