Date:   Wed, 12 Feb 2020 22:43:47 -0600
From:   Steve French <smfrench@...il.com>
To:     L Walsh <cifs@...nx.org>
Cc:     CIFS <linux-cifs@...r.kernel.org>,
        Linux-Kernel <linux-kernel@...r.kernel.org>
Subject: Re: [CIFS][PATCH] Add SMB3/Win10-only Change Notify

I don't object to adding the feature to 2.1, and if you have SMB2.1
devices to try even better (I can add your tested-by ...) but 99% of
my testing these days is with SMB3 or later target servers (Samba,
Azure, Windows 10, Windows 2016 or later, the cifsd kernel server
etc.).  We do some testing with the buildbot with SMB2.1 dialect but
it is a little different forcing the dialect to 2.1 on the mount (to a
server which would otherwise support later dialects) vs. actually
running to an older device (Samba server e.g. has supported SMB3 for a
very, very long time - at least seven years so we have to go back
pretty far).

If you have the ability to try the attached patch which enables it for
SMB 2.1 dialect let me know.  (I have also pushed it to cifs-2.6.git
for-next to allow it to be tested)


On Wed, Feb 12, 2020 at 5:33 PM L Walsh <cifs@...nx.org> wrote:
>
> On 2020/02/10 06:30, Steve French wrote:
> >
> >>     By calling it a SMB3 feature, does that mean you are removing
> >> it from SMB2?
> >>
> >
> > That is a good question.  I should have made more clear that although
> > many servers support Change Notify prior to SMB3 dialect, we chose
> > to implement it in SMB3 (late 2012 and later dialect) to minimize testing
> > risks and since we want to encourage users to use SMB3 or later (or
> > at least SMB2.1 or later since security is significantly better for later
> > dialects than for SMB1 and even SMB2)
> >
> ----
>     SMB2.1 would be fine for my purposes, I find it a bit odd though that
> my linux server running these changes won't be as capable of detecting
> directory changes as an outdated Win7 machine.
>
>     There are many below-SMB3 speaking devices out in the world right now.
> Probably many below 2.1.
>
>     You say you want to "encourage users to use SMB3 or later (or at least
> SMB2.1)", how does adding SMB3-only support allow users to use SMB2.1?
> Say your encouragement of users is taken to heart, and they want to use
> SMB3.  How would those users upgrade the dialect of SMB used in their
> machine or device?  I don't know of any easy way to upgrade existing
> devices - even existing OS's, if a user ran Win7, how would they upgrade
> the CIFS drivers to 3.0?
>
>     If it is not possible to upgrade existing devices, then wouldn't that
> encouragement boil down to junking the device and buying a new one?
>
> > Change Notify is available in all dialects (SMB2, SMB2.1, SMB3, SMB3.1.1)
> > for many servers but for the client we just implemented it for SMB3 and later.
> >
>     Doesn't that mean that the linux client won't be able to access
> existing NAS servers or Win-Client machine running anything other than
> Win10?  Does the current version of samba provide full SMB3 support?  If
> not, doesn't that imply that the client for CIFS won't be able to access
> or use these features from another linux server?
>
> > If you have a server that you want to support that requires
> > SMB2 or SMB2.1 mounts, I wouldn't mind a patch to add notify support
> > for those older dialects but I would like to encourage use of SMB3 or later (or
> > at least SMB2.1 or later) where possible.
> >
>     Again, how does implementing SMB3-only, only support SMB2.1 or later?
>
>     If you feel it would be trivial to add such a patch, wouldn't you be in
> the position of, probably, having the most knowledge about the subject
> and be likely to do the best job without breaking anything else?
> Certainly doesn't mean someone else couldn't but seems riskier than
> offering a Linux client that would be able to access the widest range of
> existing devices and computers from the start.
>
> Thanks!
> Linda
>


--
Thanks,

Steve

View attachment "0001-cifs-enable-change-notification-for-SMB2.1-dialect.patch" of type "text/x-patch" (1023 bytes)
