Re: [GIT PULL] ksmbd server security fixes

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Wed, Sep 22, 2021 at 10:20:01PM -0500, Steve French wrote:
On Wed, Sep 22, 2021 at 9:47 PM Kees Cook <keescook@xxxxxxxxxxxx> wrote:

Hi Steve,

I was looking through the history[1] of the ksmbd work, and I'm kind
of surprised at some of the flaws being found here.

I was also surprised that a couple of these weren't found by smbtorture,
although to be fair it is more focused on functional testing of the protocol
(and is quite detailed).  Most of my analysis of the code had been
focused on functional coverage, and protocol features (and removing

Steve, you should have been surprised they weren't
caught by smbtorture, especially if your "analysis of the code
had been focused on functional coverage".

No one has been looking at the logic for this, and IMHO
that's a problem. It's good they are looking now, but
I think this code needs additional maintainers.



[Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]

  Powered by Linux