[vlc-devel] [PATCH] smb: try libdsm first

Rémi Denis-Courmont remi at remlab.net
Wed Oct 16 21:08:27 CEST 2019


Le keskiviikkona 16. lokakuuta 2019, 21.52.20 EEST Alexandre Janniaux a écrit 
:
> On Wed, Oct 16, 2019 at 09:25:29PM +0300, Rémi Denis-Courmont wrote:
> > Le keskiviikkona 16. lokakuuta 2019, 13.53.57 EEST Thomas Guillem a écrit 
:
> > > On Wed, Oct 16, 2019, at 12:01, Rémi Denis-Courmont wrote:
> > With all due respect, I don't think the vlc-devel community does or should
> > care (much) about your employer's customers, angry or not. The day all
> > your
> > customers will agree with the community is ptobably the day that you have
> > no customers left. You are free to deliver an insecure forked version to
> > your angry customers if you want.
> 
> I'm pretty sure Thomas meant users.

What I see is Thomas writes customers, and then his boss which hardly ever 
participates to vlc-devel comes and argues. No matter how you put it, and 
regardless of what Thomas actually meant, that combination just screams of 
customers, not users.

(...)
> We have patches for Videolabs's customers when they are needed.

And you should.

> > I don't think official VLC releases should be shipped with a known
> > CVE-worth security vulnerability, or even that we should slow down
> > network preparsing which is already exhibiting enough performance
> > problems as it is.
> 
> Maybe there are some other smart (or the opposite) thing we could do to
> improve performances, like blacklist for SMBv1? I don't really know SMB but
> this could improve performances with regards to the first connection, and
> we could reset this whenever SMBv2/3 fails?

The only way to prevent a downgrade attack in the presence of a passive 
eavesdropper is to always try the newer protocol first (and assume that the 
network will never spuriously fail) - which is what VLC currently does and 
exactly what this patch breaks.

And the only way to prevent a downgrade attack in the presence of an active 
MITM is to drop the old protocol completely - which is the "out of scope" pre-
existing vulnerability.

That's not strictly always true. Some protocols have specifically engineered 
secure version negotiation, notably TLS. But I somehow very highly doubt that 
SMB1 has such a thing, especially in light of Microsoft's position.

-- 
雷米‧德尼-库尔蒙
http://www.remlab.net/





More information about the vlc-devel mailing list