Steve French smfrench at gmail.com
Fri Jan 20 19:47:14 MST 2012

On Fri, Jan 20, 2012 at 3:01 PM, Jeff Layton <jlayton at redhat.com> wrote:
> On Fri, 20 Jan 2012 14:45:48 -0600
> Steve French <smfrench at gmail.com> wrote:
>> My general thinking on this is as follows:
>> If the kernel is distributed to all the workstations in an organization
>> with this Kconfig option disabled, it makes it harder for individual users
>> to make the mistake of enabling lanman (sec=lanman, or the Kconfig
>> option) on a public network and thus send weak password hashes
>> which could be discovered simply.   Most distros make the choice
>> of enabling broader compatibility with old pre-1997 servers but
>> it is a very small set of servers who would require lanman support,
>> and a large number of potential attackers who could benefit if
>> users enable lanman on a public network.  I suspect that there
>> are environments where removing code (via Kconfig) is preferred
>> to trusting all owners of all workstations running that organizations
>> standard linux to never enable lanman at runtime.
>> But ... the opinion of security specialists on this would be welcome.
> There are myriads of ways for someone to screw themselves if you give
> them root access. This one is pretty low on the list.
> Code quality is important for security too, and the writhing mass of
> ifdefs below is impossible to parse by eye and therefore debug. At some
> point we have to weigh what requires a Kconfig option, and what doesn't.
> Given that this can be administratively prohibited at runtime, I see
> absolutely no need to keep this Kconfig option around. It just adds a
> maintenance burden for no benefit.
> While it's well and good to say you want to hear from "security
> specialists", I'm not sure what that means and it sounds awfully open
> ended. Is a lack of objection sufficient for you to take this patch or
> do you need something else?

We can give some time for users to respond or perhaps paraphrase the
general question and put on lkml and see if anyone comments.

I agree that removing the ifdef would simplify the code but would be
helpful to see if there are those who turn on the Kconfig for reasons
similar to what I described



More information about the samba-technical mailing list