Announcement

Collapse
No announcement yet.

That Didn't Take Long: KSMBD In-Kernel File Server Already Needs Important Security Fix

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • #31
    This looks odd to me, considering openat2 already has RESOLVE_BENEATH.
    Does RESOLVE_BENEATH have no counterpart in kernel and implemented purely in userspace?

    Comment


    • #32
      Originally posted by arQon View Post

      No, you really do. We've DONE this already, getting samba to sustain GbE line rate on incredibly shitty hardware (as in dual-core 600MHz ARM with no RAM levels of "shitty"). Once you have zerocopy, there's almost nothing that actually *needs* to be in kernelspace because you just aren't making enough roundtrips for it to matter. Electing to massively increase the attack surface of the kernel for the sake of wringing the last few trivial drops of +perf out of something like this is simply a bad decision.

      It's not like Linus et al are idiots, and they're the ones who approved this, but IMO that doesn't make it any less of a poor choice. I can understand being motivated to do it by history (e.g. "NFS is in the kernel already" etc), despite that being from a time where there were far fewer attacks taking place and the kernel was 1/1000th of its current size; or to win a benchmark against Windows Server etc, but it's still not the choice I'd have made: not least because eventually someone is going to argue that SMB4 "needs to" be in the kernel too, since NFS and SMB3 are, and SMB4 is a @#$%ing nightmare...

      Still, at least THIS one was caught early.
      Can you explain how SMB4 is a nightmare?

      I'm deeply curious about this one, as samba is a major part of my job

      Comment


      • #33
        Originally posted by Moscato View Post
        Can you explain how SMB4 is a nightmare?
        If simply USING it is a major part of your job, you don't need to worry about it.

        The issue is that it's apparently massively more complex than SMB3, i.e. it's a nightmare to IMPLEMENT. I don't remember the source, but the number I saw was ~10x the amount of code or worse.

        Comment


        • #34
          Originally posted by arQon View Post

          If simply USING it is a major part of your job, you don't need to worry about it.

          The issue is that it's apparently massively more complex than SMB3, i.e. it's a nightmare to IMPLEMENT. I don't remember the source, but the number I saw was ~10x the amount of code or worse.
          That's only if you need to setup Samba as a Domain Controller. Not needed for normal file sharing.

          Comment

          Working...
          X