Disable SMB2 for 3.6?
Volker Lendecke
Volker.Lendecke at SerNet.DE
Thu Jul 7 11:32:54 MDT 2011
On Thu, Jul 07, 2011 at 10:12:26AM -0700, Jeremy Allison wrote:
> So I've been thinking about this. The reason it went undetected
> for so long is that mostly it's not an issue for correctness for
> the client. Most clients are single credential connections for
> most of the time.
>
> Sure, it's a mistake and has to be fixed at the top level (in
> the same way as we have the AS_USER flag in SMB1), but it isn't
> a "the sky is falling" bug as you're saying here.
It is, sorry. The problem is that the architecture is so
opaque that this was not detected for many, many months. And
this is not fixable with a simple patch. We need to re-think
the security model of the SMB2 server, and this takes much
more time than we have before releasing 3.6. This has been
postponed too many times already, we just can't deny our
users the other features anymore.
> If we control this at the top level dispatch table, as metze's
> patch does (and is the same way it's done in SMB1) then I don't
> think we're in worse shape than SMB1.
Sorry, we don't have a central dispatch table. This is a big
switch statement with individual security treatment per
request. This is just asking for a security nightmare.
Volker
More information about the samba-technical
mailing list