On Thu, Jan 14, 2021 at 10:08 AM bfields@xxxxxxxxxxxx <bfields@xxxxxxxxxxxx> wrote: > > I dug around a bit and couldn't find the idea of using filehandle > guessing plus mountd's following of symlinks to get access to other > filesystems. That's kind of interesting. [ Other people removed from cc, this is just a question about nfsd cleanliness ] I missed if Trond's suggestion to at least fix up ".." to have the same filehandle as "." for the top export directory was done. Because honestly, the whole "guessing file handles is easy" argument doesn't seem to cover the case that the client just does something wrong _by_mistake_, and this ends up then exposing the server unnecessarily that way. It's one thing if you have an actively malicious client that is controlled by an attacker and that then makes up its own file handles. It's another thing if you have a (benign) client that can be fooled to access files on the server that it shouldn't have. So I think that from a pure cleanliness standpoint, the server shouldn't give the client a file handle that the client mustn't actually ever use! It's just a recipe for "oops, I didn't mean to do something bad, but by mistake..." Hmm? Linus