Date: Thu, 23 Sep 2021 08:42:44 -0700
From: Jeremy Allison <jra@...ba.org>
To: Steve French <smfrench@...il.com>
Cc: Kees Cook <keescook@...omium.org>, Linus Torvalds <torvalds@...ux-foundation.org>, CIFS <linux-cifs@...r.kernel.org>, LKML <linux-kernel@...r.kernel.org>, Namjae Jeon <linkinjeon@...nel.org>
Subject: Re: [GIT PULL] ksmbd server security fixes

On Wed, Sep 22, 2021 at 10:20:01PM -0500, Steve French wrote:
>On Wed, Sep 22, 2021 at 9:47 PM Kees Cook <keescook@...omium.org> wrote:
>>
>> Hi Steve,
>>
>> I was looking through the history[1] of the ksmbd work, and I'm kind
>> of surprised at some of the flaws being found here.
>
>I was also surprised that a couple of these weren't found by smbtorture,
>although to be fair it is more focused on functional testing of the protocol
>(and is quite detailed). Most of my analysis of the code had been
>focused on functional coverage, and protocol features (and removing

Steve, you should have been surprised they weren't caught
by smbtorture, especially if your "analysis of the code had been
focused on functional coverage".

No one has been looking at the logic for this, and IMHO that's
a problem. It's good they are looking now, but I think this
code needs additional maintainers.