lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <20200705142506.1f26a7e0@lwn.net>
Date:   Sun, 5 Jul 2020 14:25:06 -0600
From:   Jonathan Corbet <corbet@....net>
To:     "Alexander A. Klimov" <grandmaster@...klimov.de>
Cc:     sfrench@...ba.org, linux-cifs@...r.kernel.org,
        samba-technical@...ts.samba.org, linux-doc@...r.kernel.org,
        linux-kernel@...r.kernel.org
Subject: Re: [PATCH] Replace HTTP links with HTTPS ones: CIFS

On Sat, 27 Jun 2020 12:31:25 +0200
"Alexander A. Klimov" <grandmaster@...klimov.de> wrote:

> Rationale:
> Reduces attack surface on kernel devs opening the links for MITM
> as HTTPS traffic is much harder to manipulate.
> 
> Deterministic algorithm:
> For each file:
>   If not .svg:
>     For each line:
>       If doesn't contain `\bxmlns\b`:
>         For each link, `\bhttp://[^# \t\r\n]*(?:\w|/)`:
>           If both the HTTP and HTTPS versions
>           return 200 OK and serve the same content:
>             Replace HTTP with HTTPS.
> 
> Signed-off-by: Alexander A. Klimov <grandmaster@...klimov.de>

Applied but...

> ---
>  If there are any URLs to be removed completely or at least not HTTPSified:
>  Just clearly say so and I'll *undo my change*.
>  See also https://lkml.org/lkml/2020/6/27/64
> 
>  If there are any valid, but yet not changed URLs:
>  See https://lkml.org/lkml/2020/6/26/837
> 
>  Documentation/admin-guide/cifs/todo.rst            | 2 +-
>  Documentation/admin-guide/cifs/usage.rst           | 6 +++---
>  Documentation/admin-guide/cifs/winucase_convert.pl | 2 +-
>  fs/cifs/cifsacl.c                                  | 4 ++--
>  fs/cifs/cifsglob.h                                 | 2 +-
>  fs/cifs/winucase.c                                 | 2 +-
>  6 files changed, 9 insertions(+), 9 deletions(-)
> 
> diff --git a/Documentation/admin-guide/cifs/todo.rst b/Documentation/admin-guide/cifs/todo.rst
> index 084c25f92dcb..25f11576e7b9 100644
> --- a/Documentation/admin-guide/cifs/todo.rst
> +++ b/Documentation/admin-guide/cifs/todo.rst
> @@ -98,7 +98,7 @@ x) Finish support for SMB3.1.1 compression
>  Known Bugs
>  ==========
>  
> -See http://bugzilla.samba.org - search on product "CifsVFS" for
> +See https://bugzilla.samba.org - search on product "CifsVFS" for
>  current bug list.  Also check http://bugzilla.kernel.org (Product = File System, Component = CIFS)
>  
>  1) existing symbolic links (Windows reparse points) are recognized but
> diff --git a/Documentation/admin-guide/cifs/usage.rst b/Documentation/admin-guide/cifs/usage.rst
> index d3fb67b8a976..4abaea40dfd1 100644
> --- a/Documentation/admin-guide/cifs/usage.rst
> +++ b/Documentation/admin-guide/cifs/usage.rst
> @@ -17,7 +17,7 @@ standard for interoperating between Macs and Windows and major NAS appliances.
>  Please see
>  MS-SMB2 (for detailed SMB2/SMB3/SMB3.1.1 protocol specification)
>  http://protocolfreedom.org/ and

...it only took a cursory check to see that this is a spam site.  A patch
that claims to improve security should surely take something like that
out.  I guess I'll add a patch doing that now...

jon

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ