lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <CAH2r5msXDJM8hVgqHt6nzncWUo_tdCTXYJ5BaA7Tgza7+QDGHA@mail.gmail.com>
Date:   Sat, 8 Jul 2017 19:01:52 -0500
From:   Steve French <smfrench@...il.com>
To:     "linux-cifs@...r.kernel.org" <linux-cifs@...r.kernel.org>,
        samba-technical <samba-technical@...ts.samba.org>,
        linux-fsdevel <linux-fsdevel@...r.kernel.org>,
        LKML <linux-kernel@...r.kernel.org>
Subject: Re: [CIFS] Upgrade default dialect to SMB3 from cifs (SMB1) for
 improved security

I had missed a review comment from Pavel - now included, and the first
patch updated to include that minor change.

https://git.samba.org/?p=sfrench/cifs-2.6.git;a=commit;h=2a38e12053b760a8f5e85030eb89512660077c15

and

https://git.samba.org/?p=sfrench/cifs-2.6.git;a=commit;h=eef914a9eb5eb83e60eb498315a491cd1edc13a1

On Sat, Jul 8, 2017 at 5:47 PM, Steve French <smfrench@...il.com> wrote:
> Due to recent publicity about security vulnerabilities in the
> much older CIFS dialect, these patches move the default dialect to the
> widely accepted (and quite secure) SMB3.0 dialect from the
> old default of the CIFS dialect.
>
> We do not want to be encouraging use of less secure dialects,
> and both Microsoft and CERT now strongly recommend not using the
> older CIFS dialect (SMB Security Best Practices
> "recommends disabling SMBv1").
>
> SMB3 is both secure and widely available: in Windows 8 and later,
> Samba and Macs.
>
> Users can still choose to explicitly mount with the less secure
> dialect (for old servers) by choosing "vers=1.0" on the cifs
> mount e.g. to take advantage of Samba's "CIFS POSIX Extensions"
>
> The two patches for this are attached and also at:
> https://git.samba.org/?p=sfrench/cifs-2.6.git;a=commit;h=abc018498883b395e34e2ee976bca7cb944f8ecd
>
> and
>
> https://git.samba.org/?p=sfrench/cifs-2.6.git;a=commit;h=c9db9d35a8c85a571d1fa8987703aa0f21de5e32--
> Thanks,
>
> Steve



-- 
Thanks,

Steve

View attachment "0002-SMB3-Improve-security-move-default-dialect-to-SMB3-f.patch" of type "text/x-patch" (1680 bytes)

View attachment "0001-SMB3-Remove-ifdef-since-SMB3-and-later-now-STRONGLY-.patch" of type "text/x-patch" (23667 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ