From: Jonathan Corbet <corbet@lwn.net>
To: "Alexander A. Klimov" <grandmaster@al2klimov.de>
Cc: sfrench@samba.org, linux-cifs@vger.kernel.org,
samba-technical@lists.samba.org, linux-doc@vger.kernel.org,
linux-kernel@vger.kernel.org
Subject: Re: [PATCH] Replace HTTP links with HTTPS ones: CIFS
Date: Sun, 5 Jul 2020 14:25:06 -0600 [thread overview]
Message-ID: <20200705142506.1f26a7e0@lwn.net> (raw)
In-Reply-To: <20200627103125.71828-1-grandmaster@al2klimov.de>
On Sat, 27 Jun 2020 12:31:25 +0200
"Alexander A. Klimov" <grandmaster@al2klimov.de> wrote:
> Rationale:
> Reduces attack surface on kernel devs opening the links for MITM
> as HTTPS traffic is much harder to manipulate.
>
> Deterministic algorithm:
> For each file:
> If not .svg:
> For each line:
> If doesn't contain `\bxmlns\b`:
> For each link, `\bhttp://[^# \t\r\n]*(?:\w|/)`:
> If both the HTTP and HTTPS versions
> return 200 OK and serve the same content:
> Replace HTTP with HTTPS.
>
> Signed-off-by: Alexander A. Klimov <grandmaster@al2klimov.de>
Applied but...
> ---
> If there are any URLs to be removed completely or at least not HTTPSified:
> Just clearly say so and I'll *undo my change*.
> See also https://lkml.org/lkml/2020/6/27/64
>
> If there are any valid, but yet not changed URLs:
> See https://lkml.org/lkml/2020/6/26/837
>
> Documentation/admin-guide/cifs/todo.rst | 2 +-
> Documentation/admin-guide/cifs/usage.rst | 6 +++---
> Documentation/admin-guide/cifs/winucase_convert.pl | 2 +-
> fs/cifs/cifsacl.c | 4 ++--
> fs/cifs/cifsglob.h | 2 +-
> fs/cifs/winucase.c | 2 +-
> 6 files changed, 9 insertions(+), 9 deletions(-)
>
> diff --git a/Documentation/admin-guide/cifs/todo.rst b/Documentation/admin-guide/cifs/todo.rst
> index 084c25f92dcb..25f11576e7b9 100644
> --- a/Documentation/admin-guide/cifs/todo.rst
> +++ b/Documentation/admin-guide/cifs/todo.rst
> @@ -98,7 +98,7 @@ x) Finish support for SMB3.1.1 compression
> Known Bugs
> ==========
>
> -See http://bugzilla.samba.org - search on product "CifsVFS" for
> +See https://bugzilla.samba.org - search on product "CifsVFS" for
> current bug list. Also check http://bugzilla.kernel.org (Product = File System, Component = CIFS)
>
> 1) existing symbolic links (Windows reparse points) are recognized but
> diff --git a/Documentation/admin-guide/cifs/usage.rst b/Documentation/admin-guide/cifs/usage.rst
> index d3fb67b8a976..4abaea40dfd1 100644
> --- a/Documentation/admin-guide/cifs/usage.rst
> +++ b/Documentation/admin-guide/cifs/usage.rst
> @@ -17,7 +17,7 @@ standard for interoperating between Macs and Windows and major NAS appliances.
> Please see
> MS-SMB2 (for detailed SMB2/SMB3/SMB3.1.1 protocol specification)
> http://protocolfreedom.org/ and
...it only took a cursory check to see that this is a spam site. A patch
that claims to improve security should surely take something like that
out. I guess I'll add a patch doing that now...
jon
prev parent reply other threads:[~2020-07-05 20:25 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-06-27 10:31 [PATCH] Replace HTTP links with HTTPS ones: CIFS Alexander A. Klimov
2020-07-01 13:29 ` Aurélien Aptel
2020-07-05 20:25 ` Jonathan Corbet [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200705142506.1f26a7e0@lwn.net \
--to=corbet@lwn.net \
--cc=grandmaster@al2klimov.de \
--cc=linux-cifs@vger.kernel.org \
--cc=linux-doc@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=samba-technical@lists.samba.org \
--cc=sfrench@samba.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).