Given PrintNightmare, should spoolss go the way of SMB1: off by default?

Andrew Bartlett abartlet at
Thu Jul 1 01:56:05 UTC 2021

G'Day all,

It seems the current keep-the-sysadmin-up-at-night is a thing called
PrintNightmare (CVE-2021-1675):

Hopefully this doesn't read on Samba, nobody really knows the details
right now, and if you find out please mail the Samba security alias
with the details of how and we will deal with that confidentially.

But the public question I have is this:  For Samba 4.15, can we set
'disable spoolss = true' by default please?

I love printing just as much as any other team member (joke!), but we
have a lot of juicy code in printing that many use cases don't need. 

When the next printing exploit comes our way, it would be nice if like
SMB1, many of our installs have it turned off already.

What do folks think?

Andrew Bartlett
Andrew Bartlett (he/him)
Samba Team Member (since 2001)
Samba Team Lead, Catalyst IT

Samba Development and Support, Catalyst IT - Expert Open Source
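
An added example, not part of the original message or of Samba's own code: a small smb.conf audit that reports whether `disable spoolss` is set and whether any print shares are defined, to find installs that leave spoolss enabled without using it. The function names and sample configurations are constructed, and it assumes a single file with no `include` lines or registry-backed configuration.

```python
import re

TRUE = {"yes", "true", "on", "1"}  # boolean spellings smb.conf accepts as true

def norm(name):
    # smb.conf ignores case and whitespace in parameter names
    return re.sub(r"\s+", "", name).lower()

def parse_smb_conf(text):
    """Return {section: {param: value}}. Assumption: no include= or registry config."""
    sections, current, pending = {}, None, ""
    for raw in text.splitlines():
        line = pending + raw.strip()
        pending = ""
        if not line or line[0] in "#;":      # blank line or comment
            continue
        if line.endswith("\\"):              # trailing backslash continues the line
            pending = line[:-1]
            continue
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1].strip().lower(), {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            current[norm(key)] = value.strip()
    return sections

def audit_spoolss(text):
    """Return (spoolss_disabled, print_shares, verdict) for one smb.conf text."""
    conf = parse_smb_conf(text)
    # Parameter absent means spoolss stays enabled, the default the mail asks to change.
    disabled = conf.get("global", {}).get("disablespoolss", "no").lower() in TRUE
    print_shares = sorted(
        name for name, p in conf.items()
        if name != "global"
        # "print ok" is a synonym for "printable"
        and (p.get("printable") or p.get("printok", "no")).lower() in TRUE
    )
    if disabled:
        verdict = "spoolss disabled"
    elif print_shares:
        verdict = "spoolss enabled, print shares defined"
    else:
        verdict = "spoolss enabled, no print shares: candidate for 'disable spoolss = yes'"
    return disabled, print_shares, verdict

# Constructed sample configurations (not taken from any real host)
FILE_SERVER = "[global]\n workgroup = EXAMPLE\n[data]\n path = /srv/data\n"
PRINT_SERVER = "[global]\n workgroup = EXAMPLE\n[printers]\n path = /var/spool/samba\n print ok = yes\n"
HARDENED = "[global]\n Disable  Spoolss = True\n[data]\n path = /srv/data\n"

if __name__ == "__main__":
    for label, conf in [("file", FILE_SERVER), ("print", PRINT_SERVER), ("hardened", HARDENED)]:
        print(label, audit_spoolss(conf))
```
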
