Module Name:    src
Committed By:   riastradh
Date:           Thu Mar 28 15:39:42 UTC 2024

Modified Files:
        src/sbin/fsirand: fsirand.8

Log Message:
fsirand(8): Fix security claims.

PR misc/58063

To generate a diff of this commit:
cvs rdiff -u -r1.10 -r1.11 src/sbin/fsirand/fsirand.8

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sbin/fsirand/fsirand.8
diff -u src/sbin/fsirand/fsirand.8:1.10 src/sbin/fsirand/fsirand.8:1.11
--- src/sbin/fsirand/fsirand.8:1.10	Sun Sep 11 21:22:18 2016
+++ src/sbin/fsirand/fsirand.8	Thu Mar 28 15:39:42 2024
@@ -1,4 +1,4 @@
-.\"	$NetBSD: fsirand.8,v 1.10 2016/09/11 21:22:18 sevan Exp $
+.\"	$NetBSD: fsirand.8,v 1.11 2024/03/28 15:39:42 riastradh Exp $
 .\" Copyright (c) 1997 The NetBSD Foundation, Inc.
 .\" All rights reserved.
@@ -43,8 +43,17 @@
 writes random inode generation numbers for all the inodes on device
 .Ar special .
-These random numbers make the NFS filehandles less predictable, increasing
-security of exported filesystems.
+These random numbers make the NFS filehandles less predictable, which
+was once thought to increase security of exported file systems.
+is no longer relevant because
+.Xr newfs 8
+has randomized inode generation numbers on all new file systems since
+.Nx 2.0 ,
+and in any case, exporting a file system to NFS clients allows them to
+traverse the entire file system, so making filehandles less predictable
+does not prevent clients from finding them anyway.
 should be run on a clean and unmounted filesystem.

Reply via email to