Due to a recent SaMBa vulnerability CVE-2021-44142, I’d like to disable smbd on my GL-MT300N-V2 Mango:
root@GL-MT300N-V2:~# /usr/sbin/smbd --version
The vulnerability exists prior to 4.13.17.
I tried disabling File Sharing in the Applications menu (and rebooting), to no effect. I’ve tried terminating and/or killing the smbd (and nmbd for good measure) process in the Advanced menu, also to no effect.
I’d prefer a way of doing this via the GUI, but I am also not afraid of deleting
/etc/rc.d/S60samba if that’s what it takes.
(Currently running firmware 3.105, but I have checked the release notes for the later two stable releases 3.203 and 3.211 and don’t see anything about upgrading SaMBa.)
To stop running a script in /etc/rc.d, you can rename it in SSH so that it does not begin with “S” or “K”:
mv /etc/rc.d/S60samba mv /etc/rc.d/zzzS60samba
There is also not much danger deleting it because it is only a symbolic link to the actual file in the /etc/init.d directory.
In the same page you linked, you can see that this vulnerability only affects users using the vfs_fruit module, you can disable it:
As a workaround remove the “fruit” VFS module from the list of
configured VFS objects in any “vfs objects” line in the Samba
VFS fruit is for Apple/MacOS SMB clients, so it should be okay if you do not have that. I do not have a /etc/smb.conf file, only a /etc/config/samba file, which does not have any “vfs_object” lines anyway.
If anyone still wants to, you can just disable any /etc/rc.d startup or shutdown script just by renaming it without prefix of “S” (for Start) or “K” (for Kill).
You can also enable or disable startup scripts in LuCi → System → Startup.
On firmware 3.211 samba is not installed by default.