September 5, 2017

Linux Kernel 4.13: Don't Use SMB1

Check out the highlights of the new Linux kernel 4.13, just released by Linus Torvalds.

Linus Torvalds pushed out version 4.13 of the Linux Kernel on Sunday, right on schedule and almost exactly two months after 4.12.

Among all the changes, Torvalds highlights the one concerning the implementation of the SMB protocol in the kernel: The CIFS behavior in kernel 4.13 defaults to SMB3 as opposed to SMB1, which was the default in previous kernels.

SMB is a protocol used to access and share files, printers, and other services over a network. The reason for the switch is that SMB1 has aged horribly and is rife with vulnerabilities. The number of servers that still use it was one of the reasons the WannaCry ransomware spread like wildfire back in May. However, SMB1 is still accessible from kernel 4.13 for those who really, really have to use it. If you can't make the change (although you are highly encouraged to find a way to do so), you may need to add an explicit vers=1.0 to your mount options in your /etc/fstab file.
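To see which CIFS entries in /etc/fstab would still end up on SMB1, either through an explicit vers=1.0 or through the pre-4.13 default, the following added example (not part of the original article) audits fstab text against a given kernel release. The sample entries, host names and function names are constructed for illustration.

```python
import re

# Constructed sample /etc/fstab content (hosts, shares and paths are made up).
SAMPLE_FSTAB = """\
# <fs spec>            <mount point>  <type> <options>                          <dump> <pass>
UUID=0000-0000         /              ext4   defaults                            0 1
//files.example/pub    /mnt/pub       cifs   credentials=/etc/smb.cred,vers=1.0  0 0
//files.example/home   /mnt/home      cifs   credentials=/etc/smb.cred           0 0
//files.example/proj   /mnt/proj      cifs   credentials=/etc/smb.cred,vers=3.0  0 0
"""


def kernel_tuple(release):
    """Turn a release string such as '4.12.0-generic' into (4, 12)."""
    m = re.match(r"(\d+)\.(\d+)", release)
    if not m:
        raise ValueError("unrecognised kernel release: %r" % release)
    return int(m.group(1)), int(m.group(2))


def audit_cifs_mounts(fstab_text, kernel_release):
    """Return [(mount_point, verdict)] for every cifs entry in fstab_text."""
    # Per the article: kernels before 4.13 default to SMB1, 4.13 defaults to SMB3.
    smb3_default = kernel_tuple(kernel_release) >= (4, 13)
    findings = []
    for line in fstab_text.splitlines():
        fields = line.split()
        # Skip blank lines, comments, malformed rows and non-CIFS file systems.
        if len(fields) < 4 or fields[0].startswith("#") or fields[2] != "cifs":
            continue
        # "a=b,c" -> {"a": "b", "c": ""}
        opts = dict(o.partition("=")[::2] for o in fields[3].split(","))
        vers = opts.get("vers")
        if vers == "1.0":
            verdict = "SMB1 pinned by vers=1.0"
        elif vers is None and not smb3_default:
            verdict = "SMB1 by kernel default"
        elif vers is None:
            verdict = "kernel default (SMB3)"
        else:
            verdict = "explicit vers=" + vers
        findings.append((fields[1], verdict))
    return findings


if __name__ == "__main__":
    for release in ("4.12.0", "4.13.0"):
        print(release, audit_cifs_mounts(SAMPLE_FSTAB, release))
```

To audit a real host, pass the contents of /etc/fstab and the output of uname -r instead of the constructed sample.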

Another security-related feature that has found its way into 4.13 is the kernel-based TLS implementation. TLS, which stands for Transport Layer Security, provides privacy over a network when, for example, you connect to a web server. TLS encrypts data flowing from the client to the server and back; it authenticates the server so you can be sure you are really connecting to what you think you are connecting to; and it ensures integrity, meaning that each message comes with a code that either side can use to check that there has been no data loss or changes along the way.

With all this encrypting and checking going on, using TLS is much more CPU-hungry than the old insecure way of sending and receiving messages. By building TLS into the kernel, you get better performance for HTTPS and other protocols that use TLS.

Other stuff that's new in Kernel 4.13

  • The kernel now supports HDMI Stereo 3D output courtesy of the new Nouveau drivers. To be able to enjoy 3D Stereo output, you will of course need hardware (a video card and a display) that supports 3D. Kudos to the Nouveau team.

  • The EXT4 file system now has the largedir feature. This means a single EXT4 directory can now support 2 billion entries, up from the limit of 10 million entries in prior kernels.

  • As usual, there's a whole slew of new ARM devices that get native support in kernel 4.13, including the NanoPi NEO2, Orange Pi Prime, LicheePi Zero dock board, Orange Pi Zero Plus 2, SoPine SoM and the NanoPi M1 Plus. Especially interesting is the support for the BeagleBone Blue, a single board computer developed by Texas Instruments which is specially designed for use in robotics and drones.

To find out more and get a full list of changes and what they mean, you can check out the writeups at Kernel Newbies and Phoronix.
