[HN Gopher] Linux Kernel Ksmbd Use-After-Free Remote Code Execut...
___________________________________________________________________

Linux Kernel Ksmbd Use-After-Free Remote Code Execution Vulnerability

Author : choult
Score : 31 points
Date : 2022-12-22 21:15 UTC (1 hours ago)

(HTM) web link (www.zerodayinitiative.com)
(TXT) w3m dump (www.zerodayinitiative.com)

| enasterosophes wrote:
| It's like a bunch of people correctly predicted a few months ago
| that maybe this kind of attack surface shouldn't be added into
| the kernel: https://news.ycombinator.com/item?id=28355754

| rektide wrote:
| [flagged]

| tpush wrote:
| Sincerely, what the hell are you even talking about? You are
| literally commenting on a kernel RCE enabled by putting this
| stuff in the kernel!

| anonymousiam wrote:
| It's obviously a GPT-3 generated comment.

| jacquesm wrote:
| If you're lucky.

| [deleted]

| mappu wrote:
| Samba outperforms ksmbd anyway -
| https://samba.plus/blog/detail/ksmbd-a-new-in-kernel-smb-ser...
|
| The main reason to use ksmbd is if you can't use GPLv3 Samba.
| Most PC SMB servers will still be using Samba instead of ksmbd
| for this reason. Ksmbd is mostly used on NAS boxes.

| anderspitman wrote:
| My main reason for wanting ksmbd is that it's tiny (a few
| hundred k I believe). The smallest Samba build I've seen is
| ~40MB, and not very portable at all. I pretty much had to use
| buildroot to make it work.
|
| My use case is shipping minimal Linux kernels + initramfs that
| can be run with QEMU. I need file sharing and SMB is the most
| universal protocol. I can ship the entire kernel (~5MB) and
| QEMU (~15MB) in less space than Samba. I would love a minimal
| build.

| amarshall wrote:
| > The main reason to use ksmbd is if you can't use GPLv3 Samba
|
| If that's the case, why did they have to put it in the Kernel?
| Couldn't it have just been userland?

| snvzz wrote:
| Yet another vulnerability and exploit that just wouldn't be
| possible on a well-designed system, such as Genode[0] with
| seL4[1].
|
| Monolithic UNIX clones are an anachronism we are well past the
| time to get rid of.
|
| 0. https://genode.org/
|
| 1. https://sel4.systems/

| xuhu wrote:
| Do any shares have to be defined or just the module enabled for
| this to work?

| ZiiS wrote:
| Not my area; but it looks to me like you have to be able to
| mount a share; so it is only unauthenticated if you have public
| shares defined.

| anderspitman wrote:
| See also https://lwn.net/Articles/871866/.
|
| I would love to see this implementation succeed (Samba is too big
| and not portable enough for my use case), but there have
| definitely been challenges.

| hsbauauvhabzb wrote:
| The CSS doesn't correctly overflow text on my phone meaning half
| the page is not rendered. Which kernel versions are vulnerable to
| this?
___________________________________________________________________
(page generated 2022-12-22 23:00 UTC)