Re: Please, IMHO, resolve in some way the Samba MIT kerberos problem.

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Mon, Nov 04, 2019 at 03:14:34PM +0100, Dario Lesca wrote:
> Il giorno lun, 04/11/2019 alle 08.38 -0500, Neal Gompa ha scritto:
> > What defines it as experimental? 
> 
> https://wiki.samba.org/index.php/Running_a_Samba_AD_DC_with_MIT_Kerberos_KDC
> > Using MIT Kerberos is still considered experimental.

I'd say you've buried the lede, as the rest at the link is much worse:

> Samba 4.7 and later versions have shipped with code to support
> building the Samba AD DC using MIT Kerberos. Since the time of the
> release a number of issues, *including security issues*, have been
> found by real-world use. However sadly the Samba Team has not been
> able to resource the resolution of these issues to a standard that we
> are happy with, and so Samba 4.9.3, 4.8.7 and 4.7.12 releases mark
> this mode more clearly as experimental.
>
> As an experimental feature, *we will not be issuing security patches*
> for this feature, including for:
> * S4U2Self crash with MIT KDC build

[emphasis mine]  (That said, the linked-to crasher was fixed about 3.5
months after the report.  I have no idea how that compares to typical
response times.)

I find that text worrying.  Of course, all software has the potential
for vulnerabilities, and some software is better quality than other
software in general.  Still, it's not hard to imagine people relying on
the security features in higher risk environments than they might
otherwise because "of course Fedora is using high quality security code"
and/or "it's Samba/MIT Kerberos, of course it's high quality" ... and
then it isn't.

From the wording above, it seems that Samba is no longer as confident as
they used to be that their MIT Kerberos integration is solid (i.e., they
weren't always calling it experimental), so they've (now) made the risks
explicit in their documentation.  Fedora doesn't appear to be passing
that information along (yet).

That's an easy thing to overlook -- I'm willing to assume that the Samba
project didn't send out an all points bulletin to all the distros
warning about it, but does it make sense to reconsider the default?

Maybe not, for all the reasons already stated.  In that case, I'd say
the ethical thing would be to do *something* to make sure that users are
participating in the experiment with full knowledge of the risks.

(As a point of comparison, we've deferred to the btrfs upstream
recommendation not to install Fedora on btrfs by default.  How is this
different?)

<<attachment: smime.p7s>>

_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Users]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]

  Powered by Linux