Linux

48185 readers

1906 users here now

From Wikipedia, the free encyclopedia

Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).

Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word "Linux" in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.

Rules

Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.
No misinformation
No NSFW content
No hate speech, bigotry, etc

Related Communities

Community icon by Alpár-Etele Méder, licensed under CC BY 3.0

founded 5 years ago

MODERATORS

[email protected]

165

Linux 6.6's in-kernel SMB networking server graduates (www.theregister.com)

submitted 1 year ago* (last edited 1 year ago) by [email protected] to c/[email protected]

17 comments fedilink hide all child comments

The next release of the Linux kernel, 6.6 [will] include the KSMBD in-kernel server for the SMB networking protocol, developed by Samsung's Namjae Jeon.

it has faced considerable security testing and as a result it is no longer marked as experimental.

It's compatible with existing Samba configuration files.

But why is KSMBD important? First off, it promises considerable performance gains and better support for modern features such as Remote Direct Memory Access (RDMA)... KSMBD also adds enhanced security, considerably better performance for both single and multi-thread read/write, better stability, and higher compatibility. In the end, hopefully, this KSMBD will also mean easier share setups in Linux without having to jump through the same hoops one must with the traditional Samba setup.

you are viewing a single comment's thread
view the rest of the comments

[–] [email protected] 50 points 1 year ago (2 children)

KSMBD is also important in that placing such core server functionality right inside the kernel represents a significant potential attack surface for crackers. As one comment on Hacker News said "Unless this is formally proven or rewritten in a safer language, you'll have to pay me in solid gold to use such a CVE factory waiting to happen."

Words to live by.

[–] [email protected] 25 points 1 year ago* (last edited 1 year ago)

There have been vulnerabilities on the TCP/IP stack on a number of platforms (maybe all?), and that's a rather smaller attack surface.

EDIT: It also looks like ksmbd has already built itself a bit of a security history:

https://access.redhat.com/solutions/6991749

EDIT2: A bad security history:

https://lwn.net/Articles/871866/

The commit history for ksmbd shows a steady stream of fixes, as expected. Worryingly, though, many of the problems being fixed are clearly security issues — not a good thing in a network filesystem implementation. Examples include:

The code to change ownership and permissions did not check existing file permissions first.

Failure to validate data lengths could lead to access to invalid data.

The server would blindly follow symbolic links during pathname lookup.

Numerous failures to validate buffer lengths, such as this one or this one.

All of those fixes were applied after ksmbd landed in the mainline; there are others that came before. Currently, twelve fixes to ksmbd credit Coverity scans in their changelogs.

Those would worry me if they showed up in a production userspace network filesystem.

[–] [email protected] 2 points 1 year ago

I guess if you're just running it in a VM with a passthrough storage device with nothing else running in the VM that could be okay.