On Fri, Jan 20, 2012 at 3:01 PM, Jeff Layton <jlayton@xxxxxxxxxx> wrote:
> On Fri, 20 Jan 2012 14:45:48 -0600
> Steve French <smfrench@xxxxxxxxx> wrote:
>
>> My general thinking on this is as follows:
>>
>> If the kernel is distributed to all the workstations in an organization
>> with this Kconfig option disabled, it makes it harder for individual users
>> to make the mistake of enabling lanman (sec=lanman, or the Kconfig
>> option) on a public network and thus send weak password hashes
>> which could be discovered simply. Most distros make the choice
>> of enabling broader compatibility with old pre-1997 servers but
>> it is a very small set of servers who would require lanman support,
>> and a large number of potential attackers who could benefit if
>> users enable lanman on a public network. I suspect that there
>> are environments where removing code (via Kconfig) is preferred
>> to trusting all owners of all workstations running that organization's
>> standard linux to never enable lanman at runtime.
>>
>> But ... the opinion of security specialists on this would be welcome.
>>
>
> There are myriads of ways for someone to screw themselves if you give
> them root access. This one is pretty low on the list.
>
> Code quality is important for security too, and the writhing mass of
> ifdefs below is impossible to parse by eye and therefore debug. At some
> point we have to weigh what requires a Kconfig option, and what doesn't.
>
> Given that this can be administratively prohibited at runtime, I see
> absolutely no need to keep this Kconfig option around. It just adds a
> maintenance burden for no benefit.
>
> While it's well and good to say you want to hear from "security
> specialists", I'm not sure what that means and it sounds awfully open
> ended. Is a lack of objection sufficient for you to take this patch or
> do you need something else?
We can give some time for users to respond, or perhaps paraphrase the
general question and put it on lkml and see if anyone comments. I agree
that removing the ifdef would simplify the code, but it would be helpful
to see if there are those who turn on the Kconfig for reasons similar to
what I described.

--
Thanks,

Steve
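The runtime control Jeff refers to is the global security flags that cifs.ko exposes in /proc/fs/cifs/SecurityFlags, which an administrator can read and write on a running system. The script below is an added example, not code from this thread or from the cifs tree: it audits those flags for the bits that permit lanman or plaintext passwords and, when asked, writes back a value with them cleared. The bit values (CIFSSEC_MAY_LANMAN 0x10, CIFSSEC_MAY_PLNTXT 0x20, and the corresponding CIFSSEC_MUST_* values 0x10010 and 0x20020) are taken from the kernel's cifsglob.h and are an assumption about the kernel you run it against; check them against that kernel's headers. The thread does not name the Kconfig option; in the cifs tree it is CONFIG_CIFS_WEAK_PW_HASH, and when it is compiled out the kernel defines these bits as 0, so the runtime check below is what remains once the option is gone.

```shell
#!/bin/sh
# Added example, not from the thread or the cifs tree.
# Audit and harden the weak-password-hash bits of cifs.ko's runtime
# SecurityFlags. Bit values are an assumption taken from cifsglob.h:
#   CIFSSEC_MAY_LANMAN  0x00010   CIFSSEC_MUST_LANMAN 0x10010
#   CIFSSEC_MAY_PLNTXT  0x00020   CIFSSEC_MUST_PLNTXT 0x20020
# Verify them against the headers of the kernel you run this on.

SECFLAGS=${SECFLAGS:-/proc/fs/cifs/SecurityFlags}

MAY_LANMAN=$((0x10))
MAY_PLNTXT=$((0x20))
MUST_LANMAN=$((0x10010))
MUST_PLNTXT=$((0x20020))
WEAK_MASK=$((MAY_LANMAN | MAY_PLNTXT | MUST_LANMAN | MUST_PLNTXT))

# weak_bits FLAGS: print the subset of FLAGS (hex, e.g. 0x97) that allows
# lanman or plaintext passwords; exit status 0 means none are set.
weak_bits() {
    _w=$(( $1 & WEAK_MASK ))
    printf '0x%x\n' "$_w"
    [ "$_w" -eq 0 ]
}

# harden_flags FLAGS: print FLAGS with every weak bit cleared, in the
# 0x-prefixed form the proc file prints and accepts.
harden_flags() {
    printf '0x%x\n' $(( $1 & ~WEAK_MASK ))
}

# audit_live: read the live flags and report. With APPLY=1 the hardened
# value is written back, which is the runtime prohibition of lanman.
# Needs root and a loaded cifs module. Returns 0 if already clean,
# 1 if weak bits were found, 2 if the proc file is absent.
audit_live() {
    if [ ! -r "$SECFLAGS" ]; then
        echo "audit_live: $SECFLAGS not present (cifs.ko not loaded?)" >&2
        return 2
    fi
    cur=$(cat "$SECFLAGS")
    if weak_bits "$cur" >/dev/null; then
        echo "ok: $SECFLAGS=$cur has no lanman/plaintext bits"
        return 0
    fi
    echo "WARNING: $SECFLAGS=$cur allows weak hashes: $(weak_bits "$cur")"
    if [ "${APPLY:-0}" = 1 ]; then
        new=$(harden_flags "$cur")
        printf '%s\n' "$new" > "$SECFLAGS" || return 1
        echo "wrote $new to $SECFLAGS"
    fi
    return 1
}
```

Source the file and call `audit_live` from a configuration-management check, or `APPLY=1 audit_live` as root to clear the bits on the spot. The value written survives only until the module is reloaded, so a distribution that relies on this rather than on the Kconfig option needs the write in its boot-time configuration as well.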