Please enable CONFIG_CIFS_WEAK_PW_HASH for hardy

Reported by Steve Langasek on 2008-03-15
Affects: linux (Ubuntu)
Importance: Medium
Assigned to: Ben Collins

Bug Description

Per an upstream discussion (http://archives.free.net.ph/message/20080315.043324.426696d1.en.html), when CONFIG_CIFS_WEAK_PW_HASH is not set, the cifs driver will not be able to negotiate connections to servers using pre-NTLM security. Since the samba package is no longer shipping the smbfs userspace tools, as mentioned in bug #183000, this option is fairly important to have enabled for hardy in order to remain compatible with legacy fileservers.

IMHO, enabling this option should not be regarded as a net reduction in security because support for the same weak password handling is also available by way of the smbfs driver (which is still enabled even if the samba package no longer supports it), and negotiation of pre-NTLM passwords can still be disabled at runtime via a /proc setting.

Please consider enabling this setting for hardy.
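
The two controls the report refers to, the build option and the runtime /proc setting, can be checked on a host with a short script. This is an added example, not part of the original report; the /proc/fs/cifs/SecurityFlags path and the flag bit values are taken from the kernel's CIFS README rather than from this page, and the /boot/config-<release> location is an assumption about the distribution.

```shell
#!/bin/sh
# Added example, not part of the bug report: audit whether this CIFS client
# can fall back to pre-NTLM (LANMAN or plaintext) authentication.

# Bit values as listed under "SecurityFlags" in the kernel's CIFS README.
MAY_LANMAN=0x00010   # may use lanman (weak) password hash
MAY_PLNTXT=0x00020   # may use plaintext passwords

# weak_hash_built FILE: "yes" if the kernel config in FILE enables the option.
weak_hash_built() {
    if grep -q '^CONFIG_CIFS_WEAK_PW_HASH=y$' "$1" 2>/dev/null; then
        echo yes
    else
        echo no
    fi
}

# weak_auth_allowed VALUE: list the pre-NTLM mechanisms a SecurityFlags
# value permits. Accepts the value with or without a leading 0x.
weak_auth_allowed() {
    case "$1" in
        0x*|0X*) flags=$(( $1 )) ;;
        *)       flags=$(( 0x$1 )) ;;
    esac
    out=""
    if [ $(( flags & $MAY_LANMAN )) -ne 0 ]; then out="lanman"; fi
    if [ $(( flags & $MAY_PLNTXT )) -ne 0 ]; then out="${out:+$out }plaintext"; fi
    echo "${out:-none}"
}

# audit_host: apply both checks to the running system.
# Assumes the distribution installs its kernel config as /boot/config-<release>.
audit_host() {
    echo "compiled in: $(weak_hash_built "/boot/config-$(uname -r)")"
    if [ -r /proc/fs/cifs/SecurityFlags ]; then
        echo "allowed now: $(weak_auth_allowed "$(cat /proc/fs/cifs/SecurityFlags)")"
    else
        echo "allowed now: unknown (cifs module not loaded)"
    fi
}

audit_host
```

A host that reports "compiled in: yes" together with "allowed now: none" has the option built but pre-NTLM negotiation switched off at runtime, which is the situation the report describes.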

Steve Langasek (vorlon) on 2008-03-15
Changed in linux:
importance: Undecided → Medium
milestone: none → ubuntu-8.04
status: New → Confirmed

TEN (launchpad-20-ten) wrote:

Enabling CONFIG_CIFS_WEAK_PW_HASH should also actually fix https://bugs.launchpad.net/ubuntu/+source/samba/+bug/112839 by making mount.cifs work without the need to build custom kernels.

Changed in linux:
assignee: nobody → ubuntu-kernel-team
status: Confirmed → Triaged
Changed in linux:
assignee: ubuntu-kernel-team → ben-collins
status: Triaged → Fix Committed

Launchpad Janitor (janitor) wrote:

This bug was fixed in the package linux - 2.6.24-13.23

---------------
linux (2.6.24-13.23) hardy; urgency=low

  [Alessio Igor Bogani]

  * rt: Updated configuration files

  [Ben Collins]

  * openvz: New custom flavour for OpenVZ
  * config: Disable IDE AMD driver in favor of PATA version
    - LP: #181561
  * config: Disable IDE VIA driver in favor of PATA version
    - LP: #181561
  * drivers/video: Restore gutsy backlight dimming behavior
    - LP: #205261
  * build/config: Enable CONFIG_CIFS_WEAK_PW_HASH
    - LP: #202445

  [Colin Ian King]

  * SAUCE: Add support for version 4 of Chelsio NICs in cxgb3 driver
    - LP: #201893

  [Kees Cook]

  * AppArmor: re-add missing "type" field in syslog reports.
    - LP: #202888
  * kvm: reset TSS on x86_64 to avoid ioperm bitmap corruption
    - LP: #144900

  [Stefan Bader]

  * USB: EHCI: add separate IAA watchdog timer
    - LP: #198619
  * SAUCE: Always use SCO protocol (disable eSCO support)
    - LP: #39414
  * PM: Introduce PM_EVENT_HIBERNATE callback state
    - LP: #201086

  [Tim Gardner]

  * Disable DRM suspend/resume on pre-915 Intel chips
    - LP: #207496
  * frame buffer regression - screen blank except for blinking cursor after fbcon
    vtswitch
    - LP: #201591

 -- Tim Gardner <email address hidden> Wed, 19 Mar 2008 10:05:05 -0400

Changed in linux:
status: Fix Committed → Fix Released