Enterprise Linux Security Episode 51 - Samba in the Kernel, What Could Possibly Go Wrong?!

preview_player
Показать описание
Adding unnecessary components to the Kernel is generally a bad idea, as it increases its threat surface. In this episode, Jay and Joao discuss a recent story that's a perfect example of why it's important to keep this under control. A vulnerability was recently discovered in the Linux kernel that scored the highest possible rating, and it all started when ksmbd was added.

*🎓 CROWDSTRIKE CRASH SURVIVOR T-SHIRT*
Commemorate the largest outage in history with the latest addition to the LLTV merch shop.

*🎓 BRAND NEW UDEMY COURSES AVAILABLE!*
Check out my new courses on Udemy and learn something new!

*🐧 SUPPORT LINUX LEARNING!*
_Note: Royalties and/or commission is earned from each of the above links_*🎓 FULL LINUX COURSES FROM LEARN LINUX TV*

*🌐 LEARN LINUX TV ON THE WEB*

*⚠️ DISCLAIMER*
Learn Linux TV provides technical content that will hopefully be helpful to you and teach you something new. However, this content is provided without any warranty (expressed or implied). Learn Linux TV is not responsible for any damages that may arise from any use of this content. Always make sure you have written permission before working with any infrastructure and that you are compliant with all company rules, change control procedures, and local laws.

#Linux
  1. Learn Linux TV
  2. Linux
  3. gnu/linux
  4. LearnLinuxTV
  5. Learn Linux TV
  6. LearnLinux.TV
Комментарии
Автор

Nice and complete:
We have no idea why they added this feature, but it is “obviously” bad.

How about researching the actual reason for the feature to be added??

pepeshopping
Автор

I'm pretty shocked that ksmbd was even considered for kernel space. It looks like I had an overly idealistic idea of how the kernel is maintained. I assumed only core essential functionality would be compiled in, the majority of functionality is compiled as a module and optionally inserted by discovery scripts. And anything that can be put in user-space (and especially huge code bases like ksmbd) is put in user-space.

racitup
Автор

Insurance and regulation are things that I feel deserve much better coverage than they get in tech media. Theres not much of it and what there is is often angry letter to the editor type of content.

christopherjackson
Автор

21:52 Well, Canonical deserves the burn. Linus always speaks bad of Debian, because of the slow release cycle, but something like this isn't likely to happen there, and that's important on a server. Canonical likes to be "on the bleeding edge", but watch out that it's not your blood what is been drawed! 😃

f-s-r
Автор

Canonical is pretty close to Microsoft, just saying.

geoffhalsey
Автор

The reason that Southwest had these IT problems is because IT costs too much. Poor software design results in never ending security problems. An IT department can easily become the most expensive part of the business if you let IT people make business decisions. Remember that IT is support to help, not be the biggest cost and biggest liability. In the case of Southwest, it would be better if they reduced future reliance on IT as much as possible. Airlines have virtually no profit margin to waste on IT. Even though they lost a lot of money on this incident, they would've lost significantly more throwing money into the IT fireplace.

AquariusTurtle