Home page logo
/

bugtraq logo Bugtraq mailing list archives

Re: randomizing filehandles: why not use fsirand?
From: yogo () math tau ac il (Yossi Gottlieb)
Date: Fri, 14 Apr 1995 15:03:51 +0300 (GMT+0300)


I've wondered why noone (to my knowledge) has suggested to write
a tool similar to fsirand. Fsirand randomizes all inode numbers
on a system, which makes guessing file handles a little harder.
Of course the randomization used in such a tool should be
"really random", so that we don't end up with the same problem
as SunOS: the random element used in fsirand wasn't random enough.
Comments anyone?

The random part is NOT the inode number, but rather a 32bit 'generation'
number, which is a part of the filehandle (the only part you can't
compute).

It seems like the ext2 inode support this (i_version field), but I am not
sure how it is treated by the ext2 code (it DOES handle it, says grep). There
should also be some kind of interface for the NFS server (running as a user
process for now) to ask for i_version....


yossi.



  By Date           By Thread  

Current thread:
  • Re: randomizing filehandles: why not use fsirand? Yossi Gottlieb (Apr 14)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]