It was suggested that we help the ksmbd developers track the security features (and bugs) very carefully, by creating a wiki page showing the status of the reviews, and allowing others to contribute to the reviews and help verify that all missed checks are added. Namjae, Hyunchal and others have done a great job responding quickly to recent problems that have been identified, but it is important that we go through this carefully. See https://wiki.samba.org/index.php/Ksmbd-review This page includes detailed descriptions of the types of checks: - by protocol operation - and also specifically for path name processing (for open, and query dir and rename e.g.) - and a list of all key functions that need to be rereviewed for any security issues (we have made a start on reviewing some of them and marking when reviewed on the page) - and also the current implemented set of SMB3.1.1 security features in ksmbd It would be a big help if others look through the list in the wiki page above, add anything they see missing, and help updated the missing information, and add reviews where possible so we can work through any additional security bugs in ksmbd rapidly. Feel free to update or improve the wiki page. -- Thanks, Steve
