Date: Thu, 12 Apr 2001 20:06:17 +0200 From: Thomas Quinot <quinot@inf.enst.fr> To: Alfred Perlstein <bright@wintelcom.net> Cc: current@FreeBSD.ORG Subject: Re: NFS export to netgroup with duplicate hosts Message-ID: <20010412200617.A12763@shalmaneser.enst.fr> In-Reply-To: <20010412110021.D24582@fw.wintelcom.net>; from bright@wintelcom.net on Thu, Apr 12, 2001 at 11:00:22AM -0700 References: <20010412182900.B30764@cuivre.fr.eu.org> <Pine.SGI.4.10.10104121836360.3093471-100000@harem.imp.ch> <20010412110021.D24582@fw.wintelcom.net>
next in thread | previous in thread | raw e-mail | index | archive | help
Le 2001-04-12, Alfred Perlstein écrivait :
> m: "Don't call me dude." *thwack* "The point is that if the
> workstation is untrusted, what's the stop the mallicious hacker
> from taking a read-only filehandle and swapping the top byte with
> the byte required for write access?"
The kernel could include a 'signature' in the handle, e.g. in the form of
a hash of (perm-bytes,handle-bytes,secret-key).
(But the following still holds:)
> s: "Master, this sounds like hella work!"
(plus some crypto algorithm right in kernel space...)
> m: "Ahhhh, you are correct, now get cracking!"
Thomas.
--
Thomas Quinot ** Département Informatique & Réseaux ** quinot@inf.enst.fr
ENST // 46 rue Barrault // 75634 PARIS CEDEX 13
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-current" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010412200617.A12763>