From: Steve French
Date: Thu, 31 Aug 2017 19:41:36 -0500
Subject: Re: RFC: Revert move default dialect from CIFS to to SMB3"
To: "L. A. Walsh"
Cc: Linus Torvalds, Linux Kernel Mailing List, Pavel Shilovsky
In-Reply-To: <59A8A3F5.7080908@tlinx.org>
References: <1504213298-27431-1-git-send-email-linux@leemhuis.info> <59A8A3F5.7080908@tlinx.org>

On Thu, Aug 31, 2017 at 7:04 PM, L. A. Walsh wrote:
> Thorsten Leemhuis wrote:
>>
>> This reverts commit eef914a9eb5eb83e60eb498315a491cd1edc13a1 (
>> [SMB3] Improve security, move default dialect to SMB3 from old CIFS), as
>> it confuses users: https://bugzilla.kernel.org/show_bug.cgi?id=196599
>>
>> It was a patch to improve security by switching to SMB3 by default and
>> support SMB1 (aka CIFS) only when explicitly requested, as the latter
>> is not considered secure anymore (see below for details). This is one of
>> the rare cases where regressions are unavoidable and accepted in Linux.
>>
>
> ----
> Why not SMB2.1? Win7 is still in support and getting security updates.
> MS has not issued any updates for Win7 upgrading it to SMB3.0 for any
> reason (that I'm aware of) -- including security.
> If there were security problems in Win7 w/SMB2.1, wouldn't MS
> issue patches -- as they did for WinXP just recently for a severe
> SMB1 bug?
This was discussed at length with Microsoft, others on the Samba team, and
various vendors at the last SMB3 test event, and the general opinion was
that we should move to:

1) multi-dialect negotiate starting at the minimum 'secure-enough' dialect
(distros can already do this by patching the user space tools, with retry),
offering SMB2.1 through SMB3.02 (secure SMB3.1.1 requires an additional
patch that is not ready) but this was not ready for 4.13 due to
difficulties with the "validate negotiate" handling. It is planned for the
next release (move from SMB3 default to SMB2.1 through SMB3.11)

2) In the interim, given the seriousness of security issues around older
dialects, pick the best compromise as the default and SMB3 was considered
more secure (it offers encryption e.g. which is required for some modern
servers like Azure).

There was some urgency in making this change for obvious reasons, but it
should be easier in 4.14 (and backport to stable presumably) when
multidialect support is complete.

-- 
Thanks,

Steve
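The two behaviours discussed in the thread (4.13's single SMB3 default versus the planned multi-dialect negotiate with an SMB2.1 floor and SMB3.02 ceiling), as an added Python model of the SMB2 NEGOTIATE dialect exchange; this is not code from the thread or from the kernel cifs client. The dialect codes are the SMB2 NEGOTIATE wire values from MS-SMB2 ("3.0.2" is what Steve writes as SMB3.02); the client floor/ceiling policy and the server-side selection functions are hypothetical and simplified.

```python
import struct

# SMB2 NEGOTIATE dialect codes (little-endian uint16 on the wire, MS-SMB2 2.2.3).
# SMB1/CIFS has no SMB2 code: it is a separate legacy protocol, so a client
# that only sends an SMB2 NEGOTIATE never offers it at all.
DIALECTS = {
    "2.0.2": 0x0202,
    "2.1":   0x0210,
    "3.0":   0x0300,
    "3.0.2": 0x0302,
    "3.1.1": 0x0311,
}
NAME_OF = {code: name for name, code in DIALECTS.items()}


def client_dialect_list(minimum, maximum):
    """Client policy (hypothetical): offer every known dialect in
    [minimum, maximum], ascending. The floor is what keeps multi-dialect
    a security control: nothing below it is ever put on the wire."""
    lo, hi = DIALECTS[minimum], DIALECTS[maximum]
    return sorted(c for c in DIALECTS.values() if lo <= c <= hi)


def pack_dialects(codes):
    """Encode the Dialects array as it appears in the NEGOTIATE request body."""
    return struct.pack("<%dH" % len(codes), *codes)


def server_select(offered, supported):
    """Server side (simplified): the highest dialect both sides list, else
    None, which stands for the server failing the NEGOTIATE request."""
    common = set(offered) & set(supported)
    return max(common) if common else None


def negotiate(client_min, client_max, server_supported):
    """Run one exchange; returns the agreed dialect name, or None on failure.
    A server that only speaks dialects below client_min gets a failure, not a
    silent downgrade: that is the difference between a floor and a default."""
    offered = client_dialect_list(client_min, client_max)
    chosen = server_select(offered, [DIALECTS[n] for n in server_supported])
    return NAME_OF[chosen] if chosen is not None else None


if __name__ == "__main__":
    # 4.13 behaviour: a single SMB3 dialect; a Win7-era (SMB2.1) server fails.
    print(negotiate("3.0", "3.0", ["2.0.2", "2.1"]))           # None
    # Planned behaviour: SMB2.1 floor, SMB3.02 ceiling; the same server works,
    # while a server offering only SMB2.0.2 still gets no downgrade.
    print(negotiate("2.1", "3.0.2", ["2.0.2", "2.1"]))         # 2.1
    print(negotiate("2.1", "3.0.2", ["2.1", "3.0", "3.1.1"]))  # 3.0
```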