Removal or updating of "mount_smbfs" from FreeBSD operating system
Yuri Pankov
yuripv at yuripv.net
Tue Nov 27 16:56:06 UTC 2018
Edward Napierala wrote:
> pon., 26 lis 2018 o 17:20 Gerard Seibert <gerard at seibercom.net> napisał(a):
>>
>> TO WHOM IT MAY CONCERN
>>
>> The “SMBv1” protocol is a security hazard and was depreciated by Microsoft in
>> 2014. There is virtually no use for it anymore.
>>
>> The “mount_smbfs” utility in FreeBSD only uses that protocol, which results
>> in making it useless with newer versions of Microsoft’s operating systems, as
>> well as other OS’s that have depreciated the use of SMBv1.
>>
>> I would like to suggest that FreeBSD do one of the following:
>>
>> 1) Remove “mount_smbfs” from FreeBSD. This would probably be in versions 12.1
>> or 13. It is perhaps too late to get into FreeBSD 12.
>>
>> 2) Update “mount_smbfs” so that it is compatible with versions SMBv3 and
>> greater. While "SMBv2" is not dead, it is definitely comatose. This would be a
>> better idea if someone had the time to do it.
>
> FWIW, I believe SMBv3 is just a set of (largely optional) extensions to SMBv2,
> not an entirely different protocol, like SMBv1 is. Which means, any version
> that supports v3 is likely to also handle v2.
>
> There seems to be existing, working code in Nexenta, which is being
> upstreamed to Illumos:
>
> https://www.illumos.org/issues/9735
> https://github.com/illumos/illumos-gate/pull/37
>
> Their implementation descends from the one we have in base (and the one
> from OSX, which also descends from FreeBSD), so it should be possible to
> merge it.
Yes, we have it working and tested pretty well. And that's exactly the
reason I was asking if there's work in progress for smb2/3 client or not
before even starting looking into porting the code.
The problem here is that the code has grown library dependencies which
are CDDL-licensed, which aren't easy to break (if at all), so if ported,
it will be covered by WITHOUT_CDDL; hopefully that's acceptable. It's
possible that Nexenta-authored code could be relicensed under BSDL (I'll
have to ask, we already have a precedent with localedef), but sadly that
doesn't cover everything.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: OpenPGP digital signature
URL: <http://lists.freebsd.org/pipermail/freebsd-arch/attachments/20181127/c1a57f00/attachment.sig>
More information about the freebsd-arch
mailing list