linux-nfs / nfsd

Linux kernel source tree

Support for SP4_SSV #8

Closed chucklever closed 7 months ago

chucklever commented 7 months ago

This was bugzilla.linux-nfs.org 355

Description

[Chuck Lever 2020-12-08 20:11:10 UTC] NFSv4 deployments without Kerberos are vulnerable to lease purging attacks. A lease purging attack occurs when a malicious client spoofs the NFSv4 server into purging the open and lock state it holds for a victim client.

The NFSv4 protocol provides mechanisms to protect a client's open and lock state. The client can request this protection by setting the spa_how argument of the EXCHANGE_ID operation.

The Linux NFSD implementation in 5.10 supports SP4_NONE and SP4_MACH_CRED. There is a third protection type that the spec requires servers to support, but Linux NFSD does not yet: SP4_SSV. However, to date, there are no known client implementations of SP4_SSV.

Comment 1

[J. Bruce Fields 2022-01-10 21:16:24 UTC] Are there any implementations at all, server or client?

I'd be inclined to give up and close this at this point.

Comment 2

[Chuck Lever 2022-01-21 19:13:52 UTC] There seems to be no demand for this feature. Closing until someone requests it.
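Added example, not part of the original issue or the NFSD code: a decoder for the start of an EXCHANGE_ID4args body (RFC 5661 XDR layout) that reports which spa_how a client requested and checks it against the protection types the description says Linux NFSD 5.10 supports. The helper names `parse_exchange_id_args`, `audit` and `build_sample` are hypothetical, and the sample bytes are constructed.

```python
import struct

# state_protect_how4 values (RFC 5661); support set is as stated in the issue.
SPA_HOW = {0: "SP4_NONE", 1: "SP4_MACH_CRED", 2: "SP4_SSV"}
NFSD_5_10_SUPPORTED = {"SP4_NONE", "SP4_MACH_CRED"}
NFS4_OPAQUE_LIMIT = 1024  # upper bound on co_ownerid length


class XdrError(ValueError):
    """Raised when the buffer is not a well-formed EXCHANGE_ID4args prefix."""


def _u32(buf, off):
    if off + 4 > len(buf):
        raise XdrError("truncated at offset %d" % off)
    return struct.unpack_from(">I", buf, off)[0], off + 4


def parse_exchange_id_args(buf):
    """Decode co_verifier, co_ownerid, eia_flags and spa_how (hypothetical helper)."""
    if len(buf) < 8:
        raise XdrError("truncated co_verifier")
    off = 8  # co_verifier is a fixed 8-byte opaque
    n, off = _u32(buf, off)
    if n > NFS4_OPAQUE_LIMIT:
        raise XdrError("co_ownerid length %d exceeds limit" % n)
    padded = (n + 3) & ~3  # XDR pads opaques to a 4-byte boundary
    if off + padded > len(buf):
        raise XdrError("truncated co_ownerid")
    ownerid, off = buf[off:off + n], off + padded
    flags, off = _u32(buf, off)
    how, off = _u32(buf, off)
    if how not in SPA_HOW:
        raise XdrError("unknown spa_how %d" % how)
    return {"ownerid": ownerid, "flags": flags, "spa_how": SPA_HOW[how]}


def audit(buf):
    """Return a one-line finding for a decoded request (hypothetical helper)."""
    how = parse_exchange_id_args(buf)["spa_how"]
    if how not in NFSD_5_10_SUPPORTED:
        return how + ": not supported by Linux NFSD 5.10"
    if how == "SP4_NONE":
        return how + ": client requested no state protection"
    return how + ": client requested machine-credential state protection"


def build_sample(how, ownerid=b"client.example"):
    """Constructed test input, not a captured packet."""
    pad = b"\0" * (-len(ownerid) % 4)
    return b"\x01" * 8 + struct.pack(">I", len(ownerid)) + ownerid + pad + struct.pack(">II", 0, how)
```

The decoder stops after spa_how, so the SP4_MACH_CRED and SP4_SSV parameter bodies that follow it on the wire are not parsed.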
