Linux Kernel 4.13: Don’t Use SMB1

Jonathan MathewsPublic

Linus Torvalds pushed out version 4.13 of the Linux Kernel on Sunday, right on schedule and almost exactly two months after 4.12.

Among all the changes, Torvalds highlights the one concerning the implementation of the SMB protocol in the kernel: The CIFS behavior in kernel 4.13 defaults to SMB3 as opposed to SMB1, which was the default in previous kernels.

SMB is a protocol used to access and share files, printers, and other services over a network, and the reason for the switch is that SMB 1 has aged horribly and is rife with vulnerabilities. The number of servers that still use it was one of the reasons the WannaCry ransomware spread like wildfire back in May. However, SMB1 is still accessible from kernel 4.13 for those that really, really have to use it. If you can’t make the change (although you are highly encouraged to find a way to do so), you may need to add an explicit


to your mount options in your /etc/fstab file.

Another security-related feature that has found its way into 4.13 is the kernel-based TLS implementation. TLS, which stands for Transport Layer Security, provides privacy over a network when, for example, you to a web server. TLS encrypts data flowing from the client to the server and back, it authenticates the server so you make sure you are really connecting to what you think you are connecting to, and the connection ensures integrity, meaning that each message comes with a code that either side can use to check that there has been no data loss or changes along the way.

Full Article