[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <20200705142506.1f26a7e0@lwn.net>
Date: Sun, 5 Jul 2020 14:25:06 -0600
From: Jonathan Corbet <corbet@....net>
To: "Alexander A. Klimov" <grandmaster@...klimov.de>
Cc: sfrench@...ba.org, linux-cifs@...r.kernel.org,
samba-technical@...ts.samba.org, linux-doc@...r.kernel.org,
linux-kernel@...r.kernel.org
Subject: Re: [PATCH] Replace HTTP links with HTTPS ones: CIFS
On Sat, 27 Jun 2020 12:31:25 +0200
"Alexander A. Klimov" <grandmaster@...klimov.de> wrote:
> Rationale:
> Reduces attack surface on kernel devs opening the links for MITM
> as HTTPS traffic is much harder to manipulate.
>
> Deterministic algorithm:
> For each file:
> If not .svg:
> For each line:
> If doesn't contain `\bxmlns\b`:
> For each link, `\bhttp://[^# \t\r\n]*(?:\w|/)`:
> If both the HTTP and HTTPS versions
> return 200 OK and serve the same content:
> Replace HTTP with HTTPS.
>
> Signed-off-by: Alexander A. Klimov <grandmaster@...klimov.de>
Applied but...
> ---
> If there are any URLs to be removed completely or at least not HTTPSified:
> Just clearly say so and I'll *undo my change*.
> See also https://lkml.org/lkml/2020/6/27/64
>
> If there are any valid, but yet not changed URLs:
> See https://lkml.org/lkml/2020/6/26/837
>
> Documentation/admin-guide/cifs/todo.rst | 2 +-
> Documentation/admin-guide/cifs/usage.rst | 6 +++---
> Documentation/admin-guide/cifs/winucase_convert.pl | 2 +-
> fs/cifs/cifsacl.c | 4 ++--
> fs/cifs/cifsglob.h | 2 +-
> fs/cifs/winucase.c | 2 +-
> 6 files changed, 9 insertions(+), 9 deletions(-)
>
> diff --git a/Documentation/admin-guide/cifs/todo.rst b/Documentation/admin-guide/cifs/todo.rst
> index 084c25f92dcb..25f11576e7b9 100644
> --- a/Documentation/admin-guide/cifs/todo.rst
> +++ b/Documentation/admin-guide/cifs/todo.rst
> @@ -98,7 +98,7 @@ x) Finish support for SMB3.1.1 compression
> Known Bugs
> ==========
>
> -See http://bugzilla.samba.org - search on product "CifsVFS" for
> +See https://bugzilla.samba.org - search on product "CifsVFS" for
> current bug list. Also check http://bugzilla.kernel.org (Product = File System, Component = CIFS)
>
> 1) existing symbolic links (Windows reparse points) are recognized but
> diff --git a/Documentation/admin-guide/cifs/usage.rst b/Documentation/admin-guide/cifs/usage.rst
> index d3fb67b8a976..4abaea40dfd1 100644
> --- a/Documentation/admin-guide/cifs/usage.rst
> +++ b/Documentation/admin-guide/cifs/usage.rst
> @@ -17,7 +17,7 @@ standard for interoperating between Macs and Windows and major NAS appliances.
> Please see
> MS-SMB2 (for detailed SMB2/SMB3/SMB3.1.1 protocol specification)
> http://protocolfreedom.org/ and
...it only took a cursory check to see that this is a spam site. A patch
that claims to improve security should surely take something like that
out. I guess I'll add a patch doing that now...
jon
Powered by blists - more mailing lists