Project

General

Profile

Actions

Feature #14097

open

time to disable SMB1 by default

Added by Gordon Ross 30 days ago. Updated 25 days ago.

Status:
In Progress
Priority:
Normal
Assignee:
Category:
-
Start date:
Due date:
% Done:

0%

Estimated time:
Difficulty:
Medium
Tags:
Gerrit CR:

Description

Much of the world have moved on past SMB1, so much so that servers that have SMB1 enabled are reported by security scanners as "insecure".
While our SMB1 is not and has never been vulnerable to the defects referred to by those security scanners, most of us supporting this code have grown tired of explaining that to the people who pay for and trust the results of these so called security scans. Let's go ahead and make SMB1 disabled by default. Those who need it can turn it back on.

Import this fix from github/Nexenta

commit a9c06f166c65c0c47fd27fe5af14f0cde43f4f6d
Author: Gordon Ross <gwr@nexenta.com>
Date:   Mon Jul 1 16:00:34 2019 -0400

    NEX-20541 time to disable SMB1 by default (redo)

    Reviewed by: Rick McNeal <rick.mcneal@nexenta.com>
    Reviewed by: Sanjay Nadkarni <sanjay.nadkarni@nexenta.com>
    Reviewed by: Matt Barden <matt.barden@nexenta.com>
    Reviewed by: Yuri Pankov <yuri.pankov@nexenta.com>

2       2       usr/src/cmd/smbsrv/smbd/server.xml
9       6       usr/src/lib/smbsrv/libsmb/common/smb_cfg.c
Actions #1

Updated by Dan McDonald 30 days ago

Please make sure a heads-up goes out when this commits. I know some home users enable SMB1 so their "smart" printer/scanner can send scans to the "network drive".

Actions #2

Updated by Electric Monk 25 days ago

  • Gerrit CR set to 1721
Actions

Also available in: Atom PDF