Open chucklever opened 7 months ago
chucklever
commented
7 months ago [J. Bruce Fields 2022-01-10 21:07:55 UTC] Callbacks are mostly just notifications, which may limit the risk here to DoS attacks which encryption wouldn't necessarily prevent?
(CB_GETATTR might be an exception, though.)
chucklever
commented
7 months ago CB_GETATTR would like to have strong integrity checking.
If a CB_OFFLOAD is dropped, clients might hang forever waiting for a copy to finish. However, that can be partially avoided if the client supports COPY_NOTIFY. (Linux currently does not).
A missing CB_NOTIFY might cause a client to wait forever for a blocking lock to be granted.
So, probably no data leaks here, but there is plenty of room for mischief.
This was bugzilla.linux-nfs.org 357
[Chuck Lever 2020-12-08 20:18:18 UTC] The Linux NFS server's NFSv4.0 callback support can use GSS to protect CB operations. On NFSv4.1 and newer, where CB operations flow in the reverse direction on the same transport as NFS operations, GSS protection is not supported (but is allowed by spec). It might be surprising to some administrators to learn that CB operations are less secure on newer minor versions of NFS.