You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
36 lines
1.3 KiB
36 lines
1.3 KiB
[SMB3] Improve security, move default dialect to SMB3 from old CIFS
|
|
Due to recent publicity about security vulnerabilities in the
|
|
much older CIFS dialect, move the default dialect to the
|
|
widely accepted (and quite secure) SMB3.0 dialect from the
|
|
old default of the CIFS dialect.
|
|
|
|
We do not want to be encouraging use of less secure dialects,
|
|
and both Microsoft and CERT now strongly recommend not using the
|
|
older CIFS dialect (SMB Security Best Practices
|
|
"recommends disabling SMBv1").
|
|
|
|
SMB3 is both secure and widely available: in Windows 8 and later,
|
|
Samba and Macs.
|
|
|
|
Users can still choose to explicitly mount with the less secure
|
|
dialect (for old servers) by choosing "vers=1.0" on the cifs
|
|
mount
|
|
|
|
Signed-off-by: Steve French <smfrench@gmail.com>
|
|
Reviewed-by: Pavel Shilovsky <pshilov@microsoft.com>
|
|
|
|
--- a/fs/cifs/connect.c 2019-10-19 09:34:13.448215659 +0200
|
|
+++ b/fs/cifs/connect.c 2019-10-19 09:41:22.938494534 +0200
|
|
@@ -1274,9 +1274,9 @@
|
|
|
|
vol->actimeo = CIFS_DEF_ACTIMEO;
|
|
|
|
- /* FIXME: add autonegotiation -- for now, SMB1 is default */
|
|
- vol->ops = &smb1_operations;
|
|
- vol->vals = &smb1_values;
|
|
+ /* FIXME: add autonegotiation for SMB3 or later rather than just SMB3 */
|
|
+ vol->ops = &smb30_operations; /* both secure and accepted widely */
|
|
+ vol->vals = &smb302_values;
|
|
|
|
if (!mountdata)
|
|
goto cifs_parse_mount_err;
|
|
|