That Didn't Take Long: KSMBD In-Kernel File Server Already Needs Important Security Fix

Written by Michael Larabel in Linux Security on 19 September 2021 at 01:05 PM EDT. 33 Comments
It was just a few weeks ago that KSMBD was merged for Linux 5.15, and now it is already seeing its first important security fix.

When KSMBD was first discussed as an in-kernel SMB3 file server, many raised security concerns about putting a network file server in the kernel, even though NFS and other network file systems already live there. This weekend's KSMBD vulnerability is exactly the kind of issue they had in mind: files outside of the exported SMB3 share could be accessed by clients...

The embarrassing vulnerability comes from ".." path components not being handled properly, so a client could request a path that walks out of the intended share directory and read files elsewhere on the server. The fix that prevents this out-of-share access is to properly normalize the client-supplied path, stripping "." and ".." components before it is used. Whoops!
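As an added example of the kind of check described above (this is illustrative code written for this article, not ksmbd's actual patch), the function below lexically normalizes a share-relative SMB path: backslashes and slashes are both treated as separators, "." and empty components are dropped, and ".." pops the previous component. A ".." that would climb above the share root is rejected rather than silently clamped, so the server can refuse the request outright, and the output is bounds-checked so the normalization itself cannot become a buffer overflow. The function and its sample paths are hypothetical.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/*
 * normalize_share_path: hypothetical helper (not ksmbd code) that turns a
 * client-supplied, share-relative SMB path into a canonical "a/b/c" form.
 *
 *  - '\\' and '/' are both separators (SMB clients send backslashes)
 *  - empty components and "." are dropped
 *  - ".." removes the previously emitted component
 *  - a ".." with nothing left to pop would escape the share root: reject it
 *
 * Returns the length of the normalized path (0 means the share root), or -1
 * on traversal above the root or if the output buffer is too small.
 */
int normalize_share_path(const char *in, char *out, size_t outlen)
{
    size_t starts[256];           /* offset where each emitted component begins */
    size_t depth = 0, olen = 0;
    const char *p = in;

    if (outlen == 0)
        return -1;
    out[0] = '\0';

    while (*p) {
        while (*p == '/' || *p == '\\')     /* skip runs of separators */
            p++;
        if (!*p)
            break;
        const char *comp = p;
        while (*p && *p != '/' && *p != '\\')
            p++;
        size_t clen = (size_t)(p - comp);

        if (clen == 1 && comp[0] == '.')
            continue;                       /* "." is a no-op */
        if (clen == 2 && comp[0] == '.' && comp[1] == '.') {
            if (depth == 0)
                return -1;                  /* would climb above the share */
            depth--;
            olen = starts[depth];           /* drop component and its '/' */
            out[olen] = '\0';
            continue;
        }
        if (depth == sizeof starts / sizeof starts[0])
            return -1;                      /* absurdly deep path */

        /* separator (if not first) + component + NUL must fit */
        size_t need = (olen ? 1 : 0) + clen + 1;
        if (olen + need > outlen)
            return -1;
        starts[depth++] = olen;
        if (olen)
            out[olen++] = '/';
        memcpy(out + olen, comp, clen);
        olen += clen;
        out[olen] = '\0';
    }
    return (int)olen;
}

int main(void)
{
    /* constructed sample requests, as an SMB client might send them */
    const char *samples[] = {
        "docs\\.\\report.txt",
        "docs\\sub\\..\\report.txt",
        "docs\\..\\..\\etc\\passwd",
        "\\..\\etc\\passwd",
    };
    char buf[256];

    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        int n = normalize_share_path(samples[i], buf, sizeof buf);
        if (n < 0)
            printf("%-28s -> REJECTED (escapes share)\n", samples[i]);
        else
            printf("%-28s -> \"%s\"\n", samples[i], buf);
    }
    return 0;
}
```

One caveat a practitioner would add: this is purely lexical. It keeps the request string inside the share, but it does not resolve symlinks that already exist on disk below the share root; whether those may point outside the share is a separate policy the server has to enforce when it actually opens the file.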


This "important security fix" was sent in today for the Linux 5.15 kernel, potentially landing in time for 5.15-rc2 later today. The same pull request also adds a missing buffer overflow check. Three more patches are currently undergoing review/testing for additional buffer overflow cases in the KSMBD server.

Samsung has been developing KSMBD as an in-kernel alternative to Samba that is designed to offer higher performance and support for features like RDMA that cannot be achieved as easily or effectively in user-space. Hopefully its code will be vetted well ahead of the Linux 5.15 stable release so that any initial security woes are addressed before it ships.