Please create an account to participate in the Slashdot moderation system

 



Forgot your password?
typodupeerror
×
Bug Linux

Linux Kernel Security Bug Allows Remote Code Execution for Authenticated Remote Users (zdnet.com) 51

The Zero Day Initiative, a zero-day security research firm, announced a new Linux kernel security bug that allows authenticated remote users to disclose sensitive information and run code on vulnerable Linux kernel versions. ZDNet reports: Originally, the Zero Day Initiative ZDI rated it a perfect 10 on the 0 to 10 common Vulnerability Scoring System scale. Now, the hole's "only" a 9.6....

The problem lies in the Linux 5.15 in-kernel Server Message Block (SMB) server, ksmbd. The specific flaw exists within the processing of SMB2_TREE_DISCONNECT commands. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the kernel context. This new program, which was introduced to the kernel in 2021, was developed by Samsung. Its point was to deliver speedy SMB3 file-serving performance....

Any distro using the Linux kernel 5.15 or above is potentially vulnerable. This includes Ubuntu 22.04, and its descendants; Deepin Linux 20.3; and Slackware 15.

This discussion has been archived. No new comments can be posted.

Linux Kernel Security Bug Allows Remote Code Execution for Authenticated Remote Users

Comments Filter:
  • by Spazmania ( 174582 ) on Sunday December 25, 2022 @04:40PM (#63157258) Homepage

    If you just run ordinary Samba instead of trying to cram all this stuff into the kernel, you don't have a problem. Lots of stuff just doesn't need to be in the kernel.

  • by manu0601 ( 2221348 ) on Sunday December 25, 2022 @04:59PM (#63157270)
    I do not want to re-ignite the microkernel vs monolithic war, but was it really necessary to implement SMB in kernel?
    • by ArchieBunker ( 132337 ) on Sunday December 25, 2022 @05:22PM (#63157308)

      Don’t worry I’m sure it will get merged into systemd.

    • by gweihir ( 88907 )

      Obviously not. Also, in order to have a secure system, do not compile stuff in you are not using. Or at the very least delete the modules.

    • by Burdell ( 228580 )

      The microkernel people always just waved away performance concerns, promising that they'd be addressed later (but with no clear path to do so). Message passing between independent memory spaces will always have higher latency.

      Network file sharing needs high performance (low latency is actually more important for most things than high throughput), and so it usually ends up in the kernel. The Linux NFS server started out as a user-mode program, but they just never could get good performance out of it, so it m

      • It is rare that the bottleneck for networked filesystems is in the kernel.

        • by DDumitru ( 692803 ) <`moc.ocysae' `ta' `guod'> on Sunday December 25, 2022 @10:15PM (#63157650) Homepage
          A network file system is user space has to deal with two user to kernel transitions. The backing file store is in the kernel, and the network is in the kernel. A couple of years ago, I sat in on a "user space performance optimizing" session at an SNIA conference. All sorts of tricks including polling, io-uring, etc. I asked what I thought was a reasonable question. What techniques should we equate these two if we are writing in kernel space. The answer was simple. In kernel space, you don't take the hits. Kernel space is faster, more controllable, and more deterministic. It is harder to code in, but there are reasons the performance critical stuff is there. This is also why Rush will take off. Kernel and tight compiled code.
          • by Anonymous Coward

            The microkernel people always just waved away performance concerns, promising that they'd be addressed later (but with no clear path to do so). Message passing between independent memory spaces will always have higher latency.

            There is quite a bit you can do about it, even short of faster context switching hardware. Which isn't strange to ask for given all the other specialised hardware for specific tasks found in modern desktop CPUs.

            One example is QNX' "canned messages", where one process prepares a message for later delivery, which gets done on a fast signal once it happens.

            A network file system is user space has to deal with two user to kernel transitions. The backing file store is in the kernel, and the network is in the kernel.

            You could stick the network FS in with the user space network stack process.

            Let me also mention the other two rings x86 gives you, cribbed from multics wi

          • This is also why Rush will take off

            To the Great White North?

          • by bfields ( 66644 )

            Note, another factor is that it's easier to integrate an in-kernel server with the exported filesystems.

            File locking, NFSv4 file delegations, NFSv4 change attributes, and lookup of files by filehandle are all areas where we've traditionally depended on in-kernel interfaces between knfsd and filesystems.

            Over time we've added APIs which expose that functionality to userspace (see for example open_by_handle_at(2)), and we may some day get to the point where userspace has access to all the same filesystem funct

        • Samba becomes a problem for performance at 100Gbps. It's fine at 40Gbps. Now how many people are doing 100Gbps SMB servers is another question, but 99.999% of all Linux based servers doing SMB are better off with Samba. Frankly the kernel based NFS server is a disaster area as you have zero visibility of what the hell is going on when things go wrong and you invariably end up having to reboot the server.

          • 100Gbps is fast hardware. Seems like you should have a faster CPU and RAM if you have that fast of storage.

            Regardless, there should be solutions that don't involve putting the server in the kernel.

      • by Bert64 ( 520050 )

        You don't need to run as root, you could implement a userland service that only provided access to files owned by one user.
        You could also drop privileges once a user has authenticated, down to the level of the currently authenticated user. That way you don't need to implement permission checks in the service either, since the kernel will take care of that.

        • by Burdell ( 228580 )

          That's a very simplistic design that doesn't scale well to thousands of clients. And for SMB/CIFS to Windows clients, I'm not even sure how well it would work (since the Windows permission model doesn't map 100% onto the Unix permission model, so IIRC some things are stored in extended attributes interpreted by Samba, don't know about the kernel SMB).

          And it still isn't a perfect security fix, since a compromise would allow access to things outside the exported segment of the filesystem (the base OS, possibl

          • by Bert64 ( 520050 )

            It depends on what exactly you're running SMB for, and how many clients you actually have...
            A lot of SMB on Linux deployments are in the form of small scale NAS appliances. Many of them only have one user, and no need for any permissions system.

      • An 8 bit entry on every cache and TLB entry and an 8 bit comparison before finalising an instruction (or load for RISC) would be enough for drivers and the odd kernel integrated server, it's not a big deal.

        • PS. I see SeL4 has PCID support, so it can run 4096 MMU isolated processes without TLB flushing right now. Though for AMD only Zen 3 and up has support.

    • There is always a performance/security tradeoff. If userland samba is fast enough, then do not use a kernel SMB module. I imagine there are use cases for which a kernel module was necessary (servers and performance).

    • It's a kernel module. You can put anything in a module.

    • Re: (Score:2, Informative)

      by AmiMoJo ( 196126 )

      I had the same question so did some research. Maybe I'm too generous, but I tend to assume there is a good reason and want to know what it is.

      The main one seems to be performance. SMB can actually perform quite well if some of the high end stuff is implemented, like DMA that bypasses some of the handling overhead. To get that it needs to be in the kernel.

    • was it really necessary to implement SMB

      Nope

    • Or they could have had it implemented using FUSE [wikipedia.org].
  • Or is it something more complex? Or is it slashdots title editors fault...

    • by Talchas ( 954795 )
      Sounds like just "authenticated to the ksmdb server", assuming you're hosting some SMB filesystems for remote use on your machine. So they _should_ have access to (some amount of) those filesystems, but not run code.
    • by dskoll ( 99328 )

      I think it means auth'd users can run code as root (or even worse, within kernel context.)

    • by gweihir ( 88907 )

      This is probably for authenticated users that are blocked from logging in. Because otherwise it wouldn't make any sense at all.

  • by volkerdi ( 9854 ) on Sunday December 25, 2022 @06:07PM (#63157378)

    Slackware has never enabled CONFIG_SMB_SERVER in any kernel.

    • Re: (Score:3, Funny)

      Slackware has never enabled CONFIG_SMB_SERVER in any kernel.

      And when you grow up, you'll never enable in your own kernel that you build yourself.

      • Dude, you replied to this guy [wikipedia.org].

        He was building custom kernels even before your mother had the accident of having you.

        Are Slashdot's old timers already dead or they just don't read posts here anymore? Or maybe don't care to reply?
        • by jmccue ( 834797 )

          This is the first I saw this thread, I was elsewhere yesterday.

          But the care Slackware uses in deciding what to enable in their kernel (among other reasons) is why Slackware is still my main system.

  • Mine is a Windows-free setup, which implies that I have no use for Samba. This does not affect me.
    • by lsllll ( 830002 ) on Sunday December 25, 2022 @06:56PM (#63157448)
      SMB is not just for Windows and, to be honest, I think it's a better option than NFS in most instances. In addition, most multimedia devices support SMB right out of the box. At home, SMB is a blessing, even if most of my machines run Linux. At work I gave up using SMB and went with SSHFS instead. But I do agree that it should never have been baked into the Linux kernel. Maybe it caught Linus on a bad day.
      • But I do agree that it should never have been baked into the Linux kernel. Maybe it caught Linus on a bad day.

        It's not part of the core kernel, it's a kernel module. Anything can go into those.

      • But I do agree that it should never have been baked into the Linux kernel. Maybe it caught Linus on a bad day.

        Or maybe Linus realised the benefits of having a filesystem level driver in the kernel where it shares the same space as network drivers and presents to the rest of the system in a unified sane way.

  • by ctilsie242 ( 4841247 ) on Sunday December 25, 2022 @09:28PM (#63157580)

    Slackware 15 is definitely not linked to Debian. It had its own package manager (used to use tarballs for everything at first), and has been around for longer than Debian, tracing back to the SLS days.

    • by vbdasc ( 146051 )

      Well, if we're going to be nitpicking, then neither does Deepin Linux descend from Ubuntu.

    • Slackware 15 is definitely not linked to Debian. It had its own package manager (used to use tarballs for everything at first), and has been around for longer than Debian, tracing back to the SLS days.

      SLS? Space Launch System ? https://en.wikipedia.org/wiki/... [wikipedia.org]

      Thats only over a decade old. I think Slackware, Debian and many other distros have been around longer ;)

      • by jmccue ( 834797 )

        Joking right ? :)

        Anyway here is a link

        https://en.wikipedia.org/wiki/Softlanding_Linux_System

  • Why would you integrate a file daemon functionality right into the kernel? The concept alone sounds like a completely terrible idea already.

  • by jd ( 1658 ) <imipakNO@SPAMyahoo.com> on Monday December 26, 2022 @05:47AM (#63158160) Homepage Journal

    I would like for Christmas a fully security-audited mathematically verified Linux kernel.

  • Are distros autoloading this?

    Do people using these distros need to push out a module blacklist conf?

    I so rarely regret running Debian Stable with its "old-ass" LTS kernel.

    New code and exploration is fantastic behind several firewalls. I am glad Samsung is working on kernel code.

Life's the same, except for the shoes. - The Cars

Working...