Project

General

Profile

Actions
Copy link

Feature #14097

open

time to disable SMB1 by default

Added by Gordon Ross 2 months ago. Updated 2 months ago.

Status:
In Progress
Priority:
Normal
Assignee:
Gordon Ross
Category:
-
Start date:
Due date:
% Done:

0%

Estimated time:
Difficulty:
Medium
Tags:
Gerrit CR:
1721

Description

Much of the world have moved on past SMB1, so much so that servers that have SMB1 enabled are reported by security scanners as "insecure".
While our SMB1 is not and has never been vulnerable to the defects referred to by those security scanners, most of us supporting this code have grown tired of explaining that to the people who pay for and trust the results of these so called security scans. Let's go ahead and make SMB1 disabled by default. Those who need it can turn it back on.

Import this fix from github/Nexenta

commit a9c06f166c65c0c47fd27fe5af14f0cde43f4f6d
Author: Gordon Ross <gwr@nexenta.com>
Date:   Mon Jul 1 16:00:34 2019 -0400

    NEX-20541 time to disable SMB1 by default (redo)

    Reviewed by: Rick McNeal <rick.mcneal@nexenta.com>
    Reviewed by: Sanjay Nadkarni <sanjay.nadkarni@nexenta.com>
    Reviewed by: Matt Barden <matt.barden@nexenta.com>
    Reviewed by: Yuri Pankov <yuri.pankov@nexenta.com>

2       2       usr/src/cmd/smbsrv/smbd/server.xml
9       6       usr/src/lib/smbsrv/libsmb/common/smb_cfg.c
Actions
Copy link
 #1

Updated by Dan McDonald 2 months ago

Please make sure a heads-up goes out when this commits. I know some home users enable SMB1 so their "smart" printer/scanner can send scans to the "network drive".

Actions
Copy link
 #2

Updated by Electric Monk 2 months ago

  • Gerrit CR set to 1721
Actions
Copy link

Also available in: Atom PDF