most of the generation number will be a counter that is
incremented when an inode is allocated. However; the bottom
5 bits will be seeded with a random number from net_random.
An attacker will still be able to make a filehandle with this
scheme, there is a 31 in 32 chance that they will not pick the
correct lower 5 bits. However if the upper bits are correct
and the lower bits are not correct then, most likely, an attack
is in progress.
Five bits is just a guess. You want there to be a good chance
that attacks will be seen, but you don't want the counter to
roll over to soon. Five bits gives you 150 million files
before the generation number wraps and also gives a 96% chance
that an attack will be logged. Six bits is 67 million files
and a 98% chance of seeing an attack.
The code is as follows:
inode->i_generation += 0x20;
inode->i_generation ^= net_random() & 0x1F;
Please send comments.
Allen
-- Allen Morris <gam3@acm.org>- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.rutgers.edu Please read the FAQ at http://www.tux.org/lkml/