|
|
the issue is due to upstream modifications,
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/fs/cifs?id=eef914a9eb5eb83e60eb498315a491cd1edc13a1
eef914a9eb5eb83e60eb498315a491cd1edc13a1.patch (1,695 bytes)
From eef914a9eb5eb83e60eb498315a491cd1edc13a1 Mon Sep 17 00:00:00 2001
From: Steve French <[email protected]>
Date: Sat, 8 Jul 2017 17:30:41 -0500
Subject: [SMB3] Improve security, move default dialect to SMB3 from old CIFS
Due to recent publicity about security vulnerabilities in the
much older CIFS dialect, move the default dialect to the
widely accepted (and quite secure) SMB3.0 dialect from the
old default of the CIFS dialect.
We do not want to be encouraging use of less secure dialects,
and both Microsoft and CERT now strongly recommend not using the
older CIFS dialect (SMB Security Best Practices
"recommends disabling SMBv1").
SMB3 is both secure and widely available: in Windows 8 and later,
Samba and Macs.
Users can still choose to explicitly mount with the less secure
dialect (for old servers) by choosing "vers=1.0" on the cifs
mount
Signed-off-by: Steve French <[email protected]>
Reviewed-by: Pavel Shilovsky <[email protected]>
---
fs/cifs/connect.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
(limited to 'fs/cifs')
diff --git a/fs/cifs/connect.c b/fs/cifs/connect.c
index 6ab261cd..59647eb 100644
--- a/fs/cifs/connect.c
+++ b/fs/cifs/connect.c
@@ -1272,9 +1272,9 @@ cifs_parse_mount_options(const char *mountdata, const char *devname,
vol->actimeo = CIFS_DEF_ACTIMEO;
- /* FIXME: add autonegotiation -- for now, SMB1 is default */
- vol->ops = &smb1_operations;
- vol->vals = &smb1_values;
+ /* FIXME: add autonegotiation for SMB3 or later rather than just SMB3 */
+ vol->ops = &smb30_operations; /* both secure and accepted widely */
+ vol->vals = &smb30_values;
vol->echo_interval = SMB_ECHO_INTERVAL_DEFAULT;
--
cgit v1.1
|
|
|
|
@roadkill you need to explain this better, the change of the default version of the SMB protocol used does not translate into a kernel crash for me. |
|
|
|
@rhertzog since the default were changed to actually mount cifs you need to include the vers=1.0 so yes a kernel crash is not the expected result but this should be a working, you can also revert the patch for the kernel to restore old behavior.
e.g.
mount -t cifs -o vers=1.0,username=myuser,pass=mypass //192.168.1.100/share /mnt/myshare
that way the crash would be prevented |
|
|
|
@rhertzog unfortunately there are multiple bugs related with cifs mounting and kernel crashes, this is a workaround and not a solution |
|
|
|
Due to the age of the OS (Kali Moto [v1], Kali Safi [v2], Kali Rolling 2016.x/2017.x), these legacy versions are no longer supported.
We will be closing this ticket due to inactivity.
Please could you see if you are able to replicate this issue with the latest version of Kali Linux - https://www.kali.org/downloads/)?
If you are still facing the same problem, feel free to re-open the ticket. If you choose to do this, could you provide more information to the issue you are facing,and also give information about your setup?
For more information, please read: https://kali.training/topic/filing-a-good-bug-report/ |
|
