Re: [PATCH] Replace HTTP links with HTTPS ones: CIFS

From: Jonathan Corbet <corbet@lwn.net>
To: "Alexander A. Klimov" <grandmaster@al2klimov.de>
Cc: sfrench@samba.org, linux-cifs@vger.kernel.org,
	samba-technical@lists.samba.org, linux-doc@vger.kernel.org,
	linux-kernel@vger.kernel.org
Subject: Re: [PATCH] Replace HTTP links with HTTPS ones: CIFS
Date: Sun, 5 Jul 2020 14:25:06 -0600	[thread overview]
Message-ID: <20200705142506.1f26a7e0@lwn.net> (raw)
In-Reply-To: <20200627103125.71828-1-grandmaster@al2klimov.de>

On Sat, 27 Jun 2020 12:31:25 +0200
"Alexander A. Klimov" <grandmaster@al2klimov.de> wrote:

> Rationale:
> Reduces attack surface on kernel devs opening the links for MITM
> as HTTPS traffic is much harder to manipulate.
> 
> Deterministic algorithm:
> For each file:
>   If not .svg:
>     For each line:
>       If doesn't contain `\bxmlns\b`:
>         For each link, `\bhttp://[^# \t\r\n]*(?:\w|/)`:
>           If both the HTTP and HTTPS versions
>           return 200 OK and serve the same content:
>             Replace HTTP with HTTPS.
> 
> Signed-off-by: Alexander A. Klimov <grandmaster@al2klimov.de>

Applied but...

> ---
>  If there are any URLs to be removed completely or at least not HTTPSified:
>  Just clearly say so and I'll *undo my change*.
>  See also https://lkml.org/lkml/2020/6/27/64
> 
>  If there are any valid, but yet not changed URLs:
>  See https://lkml.org/lkml/2020/6/26/837
> 
>  Documentation/admin-guide/cifs/todo.rst            | 2 +-
>  Documentation/admin-guide/cifs/usage.rst           | 6 +++---
>  Documentation/admin-guide/cifs/winucase_convert.pl | 2 +-
>  fs/cifs/cifsacl.c                                  | 4 ++--
>  fs/cifs/cifsglob.h                                 | 2 +-
>  fs/cifs/winucase.c                                 | 2 +-
>  6 files changed, 9 insertions(+), 9 deletions(-)
> 
> diff --git a/Documentation/admin-guide/cifs/todo.rst b/Documentation/admin-guide/cifs/todo.rst
> index 084c25f92dcb..25f11576e7b9 100644
> --- a/Documentation/admin-guide/cifs/todo.rst
> +++ b/Documentation/admin-guide/cifs/todo.rst
> @@ -98,7 +98,7 @@ x) Finish support for SMB3.1.1 compression
>  Known Bugs
>  ==========
>  
> -See http://bugzilla.samba.org - search on product "CifsVFS" for
> +See https://bugzilla.samba.org - search on product "CifsVFS" for
>  current bug list.  Also check http://bugzilla.kernel.org (Product = File System, Component = CIFS)
>  
>  1) existing symbolic links (Windows reparse points) are recognized but
> diff --git a/Documentation/admin-guide/cifs/usage.rst b/Documentation/admin-guide/cifs/usage.rst
> index d3fb67b8a976..4abaea40dfd1 100644
> --- a/Documentation/admin-guide/cifs/usage.rst
> +++ b/Documentation/admin-guide/cifs/usage.rst
> @@ -17,7 +17,7 @@ standard for interoperating between Macs and Windows and major NAS appliances.
>  Please see
>  MS-SMB2 (for detailed SMB2/SMB3/SMB3.1.1 protocol specification)
>  http://protocolfreedom.org/ and

...it only took a cursory check to see that this is a spam site.  A patch
that claims to improve security should surely take something like that
out.  I guess I'll add a patch doing that now...

jon