From: John Johansen <john.johansen@canonical.com>
To: "Alexander A. Klimov" <grandmaster@al2klimov.de>, jmorris@namei.org, serge@hallyn.com, zohar@linux.ibm.com, dmitry.kasatkin@gmail.com, dhowells@redhat.com, jarkko.sakkinen@linux.intel.com, linux-security-module@vger.kernel.org, linux-kernel@vger.kernel.org, linux-integrity@vger.kernel.org, keyrings@vger.kernel.org
Subject: Re: [PATCH] Replace HTTP links with HTTPS ones: security
Date: Sun, 05 Jul 2020 21:59:49 +0000
Message-ID: <d4fa3722-ead7-5df6-df69-57a7581967c7@canonical.com>
In-Reply-To: <20200705214512.28498-1-grandmaster@al2klimov.de>

On 7/5/20 2:45 PM, Alexander A. Klimov wrote:
> Rationale:
> Reduces attack surface on kernel devs opening the links for MITM
> as HTTPS traffic is much harder to manipulate.
>
> Deterministic algorithm:
> For each file:
>   If not .svg:
>     For each line:
>       If doesn't contain `\bxmlns\b`:
>         For each link, `\bhttp://[^# \t\r\n]*(?:\w|/)`:
>           If both the HTTP and HTTPS versions
>           return 200 OK and serve the same content:
>             Replace HTTP with HTTPS.
> > Signed-off-by: Alexander A. Klimov <grandmaster@al2klimov.de> I went through and double checked all the https urls are good Acked-by: John Johansen <john.johansen@canonical.com> > --- > Continuing my work started at 93431e0607e5. > > If there are any URLs to be removed completely or at least not HTTPSified: > Just clearly say so and I'll *undo my change*. > See also https://lkml.org/lkml/2020/6/27/64 > > If there are any valid, but yet not changed URLs: > See https://lkml.org/lkml/2020/6/26/837 > > security/Kconfig | 2 +- > security/apparmor/Kconfig | 2 +- > security/integrity/ima/Kconfig | 2 +- > security/integrity/ima/ima_template.c | 2 +- > security/integrity/ima/ima_template_lib.c | 2 +- > security/integrity/ima/ima_template_lib.h | 2 +- > security/keys/encrypted-keys/ecryptfs_format.c | 2 +- > security/keys/encrypted-keys/ecryptfs_format.h | 2 +- > security/keys/encrypted-keys/encrypted.c | 2 +- > security/keys/encrypted-keys/masterkey_trusted.c | 2 +- > 10 files changed, 10 insertions(+), 10 deletions(-) > > diff --git a/security/Kconfig b/security/Kconfig > index cd3cc7da3a55..7561f6f99f1d 100644 > --- a/security/Kconfig > +++ b/security/Kconfig > @@ -118,7 +118,7 @@ config INTEL_TXT > it was configured with, especially since they may be responsible for > providing such assurances to VMs and services running on it. > > - See <http://www.intel.com/technology/security/> for more information > + See <https://www.intel.com/technology/security/> for more information > about Intel(R) TXT. > See <http://tboot.sourceforge.net> for more information about tboot. > See Documentation/x86/intel_txt.rst for a description of how to enable > diff --git a/security/apparmor/Kconfig b/security/apparmor/Kconfig > index 03fae1bd48a6..348ed6cfa08a 100644 > --- a/security/apparmor/Kconfig > +++ b/security/apparmor/Kconfig 
> @@ -77,7 +77,7 @@ config SECURITY_APPARMOR_KUNIT_TEST > This builds the AppArmor KUnit tests. > > KUnit tests run during boot and output the results to the debug log > - in TAP format (http://testanything.org/). Only useful for kernel devs > + in TAP format (https://testanything.org/). Only useful for kernel devs > running KUnit test harness and are not for inclusion into a > production build. > > diff --git a/security/integrity/ima/Kconfig b/security/integrity/ima/Kconfig > index edde88dbe576..6a5e4a77601b 100644 > --- a/security/integrity/ima/Kconfig > +++ b/security/integrity/ima/Kconfig > @@ -26,7 +26,7 @@ config IMA > an aggregate integrity value over this list inside the > TPM hardware, so that the TPM can prove to a third party > whether or not critical system files have been modified. > - Read <http://www.usenix.org/events/sec04/tech/sailer.html> > + Read <https://www.usenix.org/events/sec04/tech/sailer.html> > to learn more about IMA. > If unsure, say N. > > diff --git a/security/integrity/ima/ima_template.c b/security/integrity/ima/ima_template.c > index 5a2def40a733..1e89e2d3851f 100644 > --- a/security/integrity/ima/ima_template.c > +++ b/security/integrity/ima/ima_template.c > @@ -1,7 +1,7 @@ > // SPDX-License-Identifier: GPL-2.0-only > /* > * Copyright (C) 2013 Politecnico di Torino, Italy > - * TORSEC group -- http://security.polito.it > + * TORSEC group -- https://security.polito.it > * > * Author: Roberto Sassu <roberto.sassu@polito.it> > * > diff --git a/security/integrity/ima/ima_template_lib.c b/security/integrity/ima/ima_template_lib.c > index 635c6ac05050..41a5f435b793 100644 > --- a/security/integrity/ima/ima_template_lib.c > +++ b/security/integrity/ima/ima_template_lib.c 
> @@ -1,7 +1,7 @@ > // SPDX-License-Identifier: GPL-2.0-only > /* > * Copyright (C) 2013 Politecnico di Torino, Italy > - * TORSEC group -- http://security.polito.it > + * TORSEC group -- https://security.polito.it > * > * Author: Roberto Sassu <roberto.sassu@polito.it> > * > diff --git a/security/integrity/ima/ima_template_lib.h b/security/integrity/ima/ima_template_lib.h > index 9a88c79a7a61..6b3b880637a0 100644 > --- a/security/integrity/ima/ima_template_lib.h > +++ b/security/integrity/ima/ima_template_lib.h > @@ -1,7 +1,7 @@ > /* SPDX-License-Identifier: GPL-2.0-only */ > /* > * Copyright (C) 2013 Politecnico di Torino, Italy > - * TORSEC group -- http://security.polito.it > + * TORSEC group -- https://security.polito.it > * > * Author: Roberto Sassu <roberto.sassu@polito.it> > * > diff --git a/security/keys/encrypted-keys/ecryptfs_format.c b/security/keys/encrypted-keys/ecryptfs_format.c > index a7339d4de811..8fdd76105ce3 100644 > --- a/security/keys/encrypted-keys/ecryptfs_format.c > +++ b/security/keys/encrypted-keys/ecryptfs_format.c > @@ -4,7 +4,7 @@ > * > * Copyright (C) 2006 International Business Machines Corp. > * Copyright (C) 2010 Politecnico di Torino, Italy > - * TORSEC group -- http://security.polito.it > + * TORSEC group -- https://security.polito.it > * > * Authors: > * Michael A. Halcrow <mahalcro@us.ibm.com> > diff --git a/security/keys/encrypted-keys/ecryptfs_format.h b/security/keys/encrypted-keys/ecryptfs_format.h > index 939621d870e4..ed8466578616 100644 > --- a/security/keys/encrypted-keys/ecryptfs_format.h > +++ b/security/keys/encrypted-keys/ecryptfs_format.h > @@ -4,7 +4,7 @@ > * > * Copyright (C) 2006 International Business Machines Corp. > * Copyright (C) 2010 Politecnico di Torino, Italy > - * TORSEC group -- http://security.polito.it > + * TORSEC group -- https://security.polito.it > * > * Authors: > * Michael A. Halcrow <mahalcro@us.ibm.com> 
> diff --git a/security/keys/encrypted-keys/encrypted.c b/security/keys/encrypted-keys/encrypted.c > index 14cf81d1a30b..20075b1308aa 100644 > --- a/security/keys/encrypted-keys/encrypted.c > +++ b/security/keys/encrypted-keys/encrypted.c > @@ -2,7 +2,7 @@ > /* > * Copyright (C) 2010 IBM Corporation > * Copyright (C) 2010 Politecnico di Torino, Italy > - * TORSEC group -- http://security.polito.it > + * TORSEC group -- https://security.polito.it > * > * Authors: > * Mimi Zohar <zohar@us.ibm.com> > diff --git a/security/keys/encrypted-keys/masterkey_trusted.c b/security/keys/encrypted-keys/masterkey_trusted.c > index c68528aa49c6..e6d22ce77e98 100644 > --- a/security/keys/encrypted-keys/masterkey_trusted.c > +++ b/security/keys/encrypted-keys/masterkey_trusted.c > @@ -2,7 +2,7 @@ > /* > * Copyright (C) 2010 IBM Corporation > * Copyright (C) 2010 Politecnico di Torino, Italy > - * TORSEC group -- http://security.polito.it > + * TORSEC group -- https://security.polito.it > * > * Authors: > * Mimi Zohar <zohar@us.ibm.com> >
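Review bot: in the security/Kconfig hunk the context line `See <http://tboot.sourceforge.net> for more information about tboot.` stays on plain HTTP directly below the converted Intel link, so the INTEL_TXT help text ends up with mixed schemes. Presumably the HTTPS variant did not pass the 200/same-content check described in the commit message; please say so in the changelog, or point the tboot reference at a location that is served over HTTPS, so the remaining link is not taken for an oversight.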
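Review bot: the changelog does not state that every hunk is confined to Kconfig help text or a header comment, which is what the ten one-line changes show (for example `* TORSEC group -- https://security.polito.it` in the three IMA and four encrypted-keys source files). A sentence such as "No functional change; comments and help text only" would let reviewers and backporters classify the patch without reading each hunk.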
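The deterministic algorithm quoted in the commit message, as an added Python example that is not the patch author's tooling. The two regular expressions are taken from the page; `rewrite_text`, `same_over_https` and the sample data are assumptions, and the network comparison is replaced by a caller-supplied predicate so the block runs offline.

```python
import re

# Patterns quoted from the commit message on this page.
LINK_RE = re.compile(r"\bhttp://[^# \t\r\n]*(?:\w|/)")
XMLNS_RE = re.compile(r"\bxmlns\b")


def rewrite_text(path, text, same_over_https):
    """Apply the described per-file, per-line rule to one file's text.

    same_over_https(url) is a caller-supplied predicate (hypothetical name)
    standing in for "both versions return 200 OK and serve the same content".
    Returns (new_text, list_of_rewritten_urls).
    """
    if path.endswith(".svg"):
        return text, []          # .svg files are skipped entirely
    changed = []

    def swap(match):
        url = match.group(0)
        if not same_over_https(url):
            return url           # unverified links stay on http://
        changed.append(url)
        return "https://" + url[len("http://"):]

    out = []
    for line in text.splitlines(keepends=True):
        # Lines mentioning xmlns carry namespace identifiers, not links.
        out.append(line if XMLNS_RE.search(line) else LINK_RE.sub(swap, line))
    return "".join(out), changed


# Constructed sample input modelled on the security/Kconfig hunk.
SAMPLE = (
    "See <http://www.intel.com/technology/security/> for more information\n"
    "See <http://tboot.sourceforge.net> for more information about tboot.\n"
    '<svg xmlns="http://www.w3.org/2000/svg">\n'
)
# Constructed verdicts: URLs assumed to have passed the equivalence check.
VERIFIED = {"http://www.intel.com/technology/security/"}


def demo():
    return rewrite_text("security/Kconfig", SAMPLE, VERIFIED.__contains__)


if __name__ == "__main__":
    print(*demo(), sep="\n")
```

The predicate is where the network comparison lives, and its verdict is a point-in-time observation, which is why a manual re-check of the resulting HTTPS URLs, as done in the reply, remains useful.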