[SMB3] Improve security, move default dialect to SMB3 from old CIFS

Due to recent publicity about security vulnerabilities in the much older CIFS dialect, move the default dialect to the widely accepted (and quite secure) SMB3.0 dialect from the old default of the CIFS dialect. We do not want to be encouraging use of less secure dialects, and both Microsoft and CERT now strongly recommend not using the older CIFS dialect (SMB Security Best Practices "recommends disabling SMBv1"). SMB3 is both secure and widely available: in Windows 8 and later, Samba and Macs. Users can still choose to explicitly mount with the less secure dialect (for old servers) by choosing "vers=1.0" on the cifs mount Signed-off-by: Steve French <smfrench@gmail.com> Reviewed-by: Pavel Shilovsky <pshilov@microsoft.com>
2017-07-08 17:30:41 -05:00 · 2017-07-08 17:30:41 -05:00 · eef914a9eb
parent 2a38e12053
commit eef914a9eb
1 changed files with 3 additions and 3 deletions
--- a/fs/cifs/connect.c
+++ b/fs/cifs/connect.c
@ -1272,9 +1272,9 @@ cifs_parse_mount_options(const char *mountdata, const char *devname,

 	vol->actimeo = CIFS_DEF_ACTIMEO;

-	/* FIXME: add autonegotiation -- for now, SMB1 is default */
-	vol->ops = &smb1_operations;
-	vol->vals = &smb1_values;
+	/* FIXME: add autonegotiation for SMB3 or later rather than just SMB3 */
+	vol->ops = &smb30_operations; /* both secure and accepted widely */
+	vol->vals = &smb30_values;

 	vol->echo_interval = SMB_ECHO_INTERVAL_DEFAULT;