| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20251017162403.GB1566@sol>
Date: Fri, 17 Oct 2025 09:24:03 -0700
From: Eric Biggers <ebiggers@...nel.org>
To: Steve French <smfrench@...il.com>
Cc: linux-cifs@...r.kernel.org, Steve French <sfrench@...ba.org>,
samba-technical@...ts.samba.org, linux-crypto@...r.kernel.org,
linux-kernel@...r.kernel.org, Paulo Alcantara <pc@...guebit.org>,
Ronnie Sahlberg <ronniesahlberg@...il.com>,
Shyam Prasad N <sprasad@...rosoft.com>, Tom Talpey <tom@...pey.com>,
Bharath SM <bharathsm@...rosoft.com>
Subject: Re: [PATCH 0/8] smb: client: More crypto library conversions
On Fri, Oct 17, 2025 at 11:12:58AM -0500, Steve French wrote:
> > with SMB 1.0 I get "CIFS: VFS: SMB signature verification
> > returned error = -13",
>
> If testing SMB1 to Samba the server disabled signing unless I set
> "server signing = mandatory"
> in smb.conf. But with that, signing with your patches worked fine even to SMB1
>
> Were you testing to Samba with SMB1?
As per my cover letter, these are the settings I used:
Tested with Samba with all SMB versions, with mfsymlinks in the
mount options, 'server min protocol = NT1' and 'server signing =
required' in smb.conf, and doing a simple file data and symlink
verification test. That seems to cover all the modified code paths.
This was with Samba 4.23.1.
I just tried 'server signing = mandatory' too (just in case that's
different from "required"), and I still get the error.
Anyway, it's not related to my patchset, as it happens regardless of it.
I also tried some much older kernels, and it still happens there too.
- Eric
Powered by blists - more mailing lists