The inode also has to be the same and one of the nfs clients
has to have the file `open'. So it does seem remote.
>
> I don't understand why this is necessarily better. get_random_bytes
> is a comparatively expensive operation compared to a simple
> increment... what do we gain with this?
>
The reason that you want to get a random number is to make it
harder for someone to guess it. If you can't guess the
inode/generation number, you can't access the file.

I must say you are right about the expense of get_random_bytes().
However, if you don't seed the i_generation number each time, then
you get very little security from the i_generation numbers and
they should only be used for correctness.

The reason is that you can set up a daemon that creates a file and
then deletes it in a loop, looking at the inode after each create.
If the inode is different, then it knows that someone created a file
and you also know the filehandle for that file. This is not a problem
at the moment because we check the permissions on the path to a file.
However, many people would like to see Linux NFS behave more like
other NFS implementations.

I would appreciate more input on this.
Allen
---------------------------------
G. Allen Morris III
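
Added example (not part of the original message and not kernel code): a toy model of the argument above, comparing an incremented generation with a freshly drawn one when a process probes by creating and deleting a file. The names `toyfs`, `toy_create`, `toy_fh_valid` and `stub_random`, the lowest-free-inode allocation and the single per-filesystem counter are all assumptions made for the illustration.

```c
#include <stdint.h>
#include <string.h>
#define NINODES 8
enum gen_policy { GEN_COUNTER, GEN_RANDOM };
struct fh { int ino; uint32_t gen; };   /* guessable part of a filehandle */
struct toyfs {
    enum gen_policy policy;
    uint32_t state;                     /* counter value or PRNG state */
    uint8_t  in_use[NINODES];
    uint32_t gen[NINODES];              /* i_generation per inode slot */
};

/* Deterministic stand-in for get_random_bytes() (assumption: reproducible demo only, not a CSPRNG). */
static uint32_t stub_random(uint32_t *s) { return *s = *s * 1664525u + 1013904223u; }

/* Allocate the lowest free inode and stamp a fresh generation on it. */
static struct fh toy_create(struct toyfs *fs)
{
    struct fh h = { -1, 0 };
    for (int i = 0; i < NINODES && h.ino < 0; i++) {
        if (fs->in_use[i]) continue;
        fs->in_use[i] = 1;
        h.ino = i;
        h.gen = fs->gen[i] = (fs->policy == GEN_COUNTER) ? ++fs->state
                                                         : stub_random(&fs->state);
    }
    return h;
}

/* Server-side check: honour a handle only if inode and generation match. */
static int toy_fh_valid(const struct toyfs *fs, struct fh h)
{
    return h.ino >= 0 && h.ino < NINODES && fs->in_use[h.ino] && fs->gen[h.ino] == h.gen;
}

/* Scenario from the message: probe (create + delete), another user creates a
 * file, probe again. Returns 1 if the handle inferred from the two probes
 * would pass toy_fh_valid(), 0 otherwise. */
int inferred_handle_accepted(enum gen_policy policy, uint32_t seed)
{
    struct toyfs fs;
    memset(&fs, 0, sizeof fs);
    fs.policy = policy; fs.state = seed;
    struct fh p1 = toy_create(&fs);  fs.in_use[p1.ino] = 0;   /* probe, unlink */
    (void)toy_create(&fs);                                    /* other user's file */
    struct fh p2 = toy_create(&fs);  fs.in_use[p2.ino] = 0;   /* probe, unlink */
    if (p2.ino == p1.ino) return 0;                           /* nothing changed */
    struct fh guess = { p1.ino, p1.gen + 1 };                 /* counter + 1 */
    return toy_fh_valid(&fs, guess);
}
```

With GEN_COUNTER the inferred handle is accepted for every seed; with GEN_RANDOM the prober still learns the inode number but the generation no longer follows from its own probes.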