On Fri, 27 Apr 2012 08:58:55 -0500 Steve French <smfrench@xxxxxxxxx> wrote: > On Fri, Apr 27, 2012 at 6:15 AM, Jeff Layton <jlayton@xxxxxxxxxx> wrote: > > On Sat, 21 Jan 2012 12:26:43 -0500 > > simo <idra@xxxxxxxxx> wrote: > > > >> On Sat, 2012-01-21 at 07:37 -0500, Jeff Layton wrote: > >> > On Sat, 21 Jan 2012 15:03:31 +1100 > >> > Andrew Bartlett <abartlet@xxxxxxxxx> wrote: > >> > > >> > > On Fri, 2012-01-20 at 14:45 -0600, Steve French wrote: > >> > > > My general thinking on this is as follows: > >> > > > > >> > > > If the kernel is distributed to all the workstations in an organization > >> > > > with this Kconfig option disabled, it makes it harder for individual users > >> > > > to make the mistake of enabling lanman (sec=lanman, or the Kconfig > >> > > > option) on a public network and thus send weak password hashes > >> > > > which could be discovered simply. Most distros make the choice > >> > > > of enabling broader compatibility with old pre-1997 servers but > >> > > > it is a very small set of servers who would require lanman support, > >> > > > and a large number of potential attackers who could benefit if > >> > > > users enable lanman on a public network. I suspect that there > >> > > > are environments where removing code (via Kconfig) is preferred > >> > > > to trusting all owners of all workstations running that organizations > >> > > > standard linux to never enable lanman at runtime. > >> > > > > >> > > > But ... the opinion of security specialists on this would be welcome. > >> > > > >> > > We have been though some of this with the kerberos libs, which now allow > >> > > (default?) to not even compile with weak crypto. If the weak crypto is > >> > > not compiled in, it can therefore be asserted that the weak crypto > >> > > cannot be used, and this makes it easier to comply with security > >> > > audits/certification etc. > >> > > > >> > > I don't want to make your code more complex than it needs to be, but LM > >> > > encryption really, really needs to go away. If it is not a major > >> > > bother, I would like to make it easier for that to happen if possible. > >> > > > >> > > >> > The only way for it to go away completely is for all servers that > >> > support only that encryption to go away completely. Unfortunately, > >> > that's a tall order -- there are still at least some in the field and > >> > people need to get at data on them. > >> > >> Jeff, can you identify them ? > >> > >> LM only servers means pre Win 95 machines, I'd be curious to know what > >> servers are there that really support only LM hashes and not NT hashes. > >> > > > > Sorry for the long delay in responding here. Yes, mostly pre-win95 > > machines. We occasionally get reports from people using OS/2 and I'm > > pretty sure it's LM-only. > > > > Steve, in any case...shall I consider this patch NAK'ed for now? I was > > carrying it in my tree for 3.5, but it seems like there's resistance to > > removing this option and I'm not particularly religious on the matter. > > I don't think it is worth changing - I prefer to build with > WEAK_PS_HASH disabled. > Alrighty then, dropped... -- Jeff Layton <jlayton@xxxxxxxxxx> -- To unsubscribe from this list: send the line "unsubscribe linux-cifs" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
