Module Name: src
Committed By: riastradh
Date: Thu Mar 28 15:39:42 UTC 2024
Modified Files:
src/sbin/fsirand: fsirand.8
Log Message:
fsirand(8): Fix security claims.
PR misc/58063
To generate a diff of this commit:
cvs rdiff -u -r1.10 -r1.11 src/sbin/fsirand/fsirand.8
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/sbin/fsirand/fsirand.8
diff -u src/sbin/fsirand/fsirand.8:1.10 src/sbin/fsirand/fsirand.8:1.11
--- src/sbin/fsirand/fsirand.8:1.10 Sun Sep 11 21:22:18 2016
+++ src/sbin/fsirand/fsirand.8 Thu Mar 28 15:39:42 2024
@@ -1,4 +1,4 @@
-.\" $NetBSD: fsirand.8,v 1.10 2016/09/11 21:22:18 sevan Exp $
+.\" $NetBSD: fsirand.8,v 1.11 2024/03/28 15:39:42 riastradh Exp $
.\"
.\" Copyright (c) 1997 The NetBSD Foundation, Inc.
.\" All rights reserved.
@@ -43,8 +43,17 @@
.Nm
writes random inode generation numbers for all the inodes on device
.Ar special .
-These random numbers make the NFS filehandles less predictable, increasing
-security of exported filesystems.
+These random numbers make the NFS filehandles less predictable, which
+was once thought to increase security of exported file systems.
+.Pp
+.Nm
+is no longer relevant because
+.Xr newfs 8
+has randomized inode generation numbers on all new file systems since
+.Nx 2.0 ,
+and in any case, exporting a file system to NFS clients allows them to
+traverse the entire file system, so making filehandles less predictable
+does not prevent clients from finding them anyway.
.Pp
.Nm
should be run on a clean and unmounted filesystem.
