Date: Thu, 23 Sep 2021 08:42:44 -0700
From: Jeremy Allison
To: Steve French
Cc: Kees Cook, Linus Torvalds, CIFS, LKML, Namjae Jeon
Subject: Re: [GIT PULL] ksmbd server security fixes

On Wed, Sep 22, 2021 at 10:20:01PM -0500, Steve French wrote:
>On Wed, Sep 22, 2021 at 9:47 PM Kees Cook wrote:
>>
>> Hi Steve,
>>
>> I was looking through the history[1] of the ksmbd work, and I'm kind
>> of surprised at some of the flaws being found here.
>
>I was also surprised that a couple of these weren't found by smbtorture,
>although to be fair it is more focused on functional testing of the protocol
>(and is quite detailed). Most of my analysis of the code had been
>focused on functional coverage, and protocol features (and removing

Steve, you should have been surprised they weren't caught by smbtorture, especially if your "analysis of the code had been focused on functional coverage".

No one has been looking at the logic for this, and IMHO that's a problem. It's good they are looking now, but I think this code needs additional maintainers.