[CIFS] Upgrade default dialect to SMB3 from cifs (SMB1) for improved security
Steve French
smfrench at gmail.com
Sun Jul 9 00:01:52 UTC 2017
I had missed a review comment from Pavel - now included, and the first
patch updated to include that minor change.
https://git.samba.org/?p=sfrench/cifs-2.6.git;a=commit;h=2a38e12053b760a8f5e85030eb89512660077c15
and
https://git.samba.org/?p=sfrench/cifs-2.6.git;a=commit;h=eef914a9eb5eb83e60eb498315a491cd1edc13a1
On Sat, Jul 8, 2017 at 5:47 PM, Steve French <smfrench at gmail.com> wrote:
> Due to recent publicity about security vulnerabilities in the
> much older CIFS dialect, these patches move the default dialect to the
> widely accepted (and quite secure) SMB3.0 dialect from the
> old default of the CIFS dialect.
>
> We do not want to be encouraging use of less secure dialects,
> and both Microsoft and CERT now strongly recommend not using the
> older CIFS dialect (SMB Security Best Practices
> "recommends disabling SMBv1").
>
> SMB3 is both secure and widely available: in Windows 8 and later,
> Samba and Macs.
>
> Users can still choose to explicitly mount with the less secure
> dialect (for old servers) by choosing "vers=1.0" on the cifs
> mount e.g. to take advantage of Samba's "CIFS POSIX Extensions"
>
> The two patches for this are attached and also at:
> https://git.samba.org/?p=sfrench/cifs-2.6.git;a=commit;h=abc018498883b395e34e2ee976bca7cb944f8ecd
>
> and
>
> https://git.samba.org/?p=sfrench/cifs-2.6.git;a=commit;h=c9db9d35a8c85a571d1fa8987703aa0f21de5e32--
> Thanks,
>
> Steve
--
Thanks,
Steve
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0002-SMB3-Improve-security-move-default-dialect-to-SMB3-f.patch
Type: text/x-patch
Size: 1680 bytes
Desc: not available
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20170708/2bad24ae/0002-SMB3-Improve-security-move-default-dialect-to-SMB3-f.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-SMB3-Remove-ifdef-since-SMB3-and-later-now-STRONGLY-.patch
Type: text/x-patch
Size: 23667 bytes
Desc: not available
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20170708/2bad24ae/0001-SMB3-Remove-ifdef-since-SMB3-and-later-now-STRONGLY-.bin>
More information about the samba-technical
mailing list