The 4.13 kernel is out
The change in question is simply changing the default cifs behavior: instead of defaulting to SMB 1.0 (which you really should not use: just google for 'stop using SMB1' or similar), the default cifs mount now defaults to a rather more modern SMB 3.0."
(Log in to post comments)
The 4.13 kernel is out
Posted Sep 4, 2017 10:04 UTC (Mon) by joib (subscriber, #8541) [Link]
How does this interact with Samba and the CIFS Unix Extensions? I thought the equivalent for SMB2/3 was still a work in progress?
The 4.13 kernel is out
Posted Sep 4, 2017 14:10 UTC (Mon) by jlayton (subscriber, #31672) [Link]
The 4.13 kernel is out
Posted Sep 5, 2017 0:17 UTC (Tue) by ledow (guest, #11753) [Link]
If people need it, they can change it back. If you're reliant on such extension working, you'll test and/or change the default and suffer the consequences.
Meanwhile, people who just have a Linux PC that they mount a network drive / NAS device / their laptop files from the network on aren't exposing themselves to serious compromise.
Bad default, but be careful if you stop anybody's pig from dancing
Posted Sep 5, 2017 14:04 UTC (Tue) by tialaramex (subscriber, #21167) [Link]
There's a "First Mover" penalty which is why the Web Browser Vendors sometimes behave like a cabal - if they all make your pig stop dancing at roughly the same time, you might shake your fists and blame the cabal, but at least you won't switch to the least secure option just because it keeps your pig dancing. This avoids the Powers That Be looking at the situation and deciding by fiat that there won't be any more security fixes, all pigs must be permitted to continue dancing even if it hairlips the governor.
There's also "Last change gets the blame" at work. In many cases the reason an organisation (or home) needs SMB1 is some obsolete third party device they've become dependent on. But they bought that years ago, and humans have learned to blame the new thing, for completely rational reasons, so even though the _right_ fix might be to replace that 10 year old printer or WiFi router, the actual fix may be to return the shiny new secure Linux appliance and get the insecure alternative instead.
Bad default, but be careful if you stop anybody's pig from dancing
Posted Sep 8, 2017 15:05 UTC (Fri) by NightMonkey (subscriber, #23051) [Link]
The 4.13 kernel is out
Posted Sep 5, 2017 10:04 UTC (Tue) by claudio (guest, #118397) [Link]
The 4.13 kernel is out
Posted Sep 6, 2017 7:18 UTC (Wed) by jani (subscriber, #74547) [Link]
The 4.13 kernel is out
Posted Sep 8, 2017 15:07 UTC (Fri) by NightMonkey (subscriber, #23051) [Link]
DocBook replacement
Posted Sep 8, 2017 15:11 UTC (Fri) by corbet (editor, #1) [Link]
See this article for details, along with various other updates that can be found here.