| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <b06e1efb-b2e6-b06b-bf24-1369c42e8ace@al2klimov.de>
Date: Fri, 3 Jul 2020 08:38:52 +0200
From: "Alexander A. Klimov" <grandmaster@...klimov.de>
To: Alexei Starovoitov <alexei.starovoitov@...il.com>
Cc: Jonathan Corbet <corbet@....net>,
Alexei Starovoitov <ast@...nel.org>,
Daniel Borkmann <daniel@...earbox.net>,
Martin KaFai Lau <kafai@...com>,
Song Liu <songliubraving@...com>, Yonghong Song <yhs@...com>,
Andrii Nakryiko <andriin@...com>,
John Fastabend <john.fastabend@...il.com>,
KP Singh <kpsingh@...omium.org>,
"David S. Miller" <davem@...emloft.net>,
Jakub Kicinski <kuba@...nel.org>,
Jesper Dangaard Brouer <hawk@...nel.org>,
Alexey Kuznetsov <kuznet@....inr.ac.ru>,
Hideaki YOSHIFUJI <yoshfuji@...ux-ipv6.org>,
Thomas Gleixner <tglx@...utronix.de>,
Ingo Molnar <mingo@...hat.com>, Borislav Petkov <bp@...en8.de>,
X86 ML <x86@...nel.org>, "H. Peter Anvin" <hpa@...or.com>,
Steven Rostedt <rostedt@...dmis.org>,
Shuah Khan <shuah@...nel.org>,
Stanislav Fomichev <sdf@...gle.com>,
Quentin Monnet <quentin@...valent.com>,
Andrey Ignatov <rdna@...com>,
"open list:DOCUMENTATION" <linux-doc@...r.kernel.org>,
Network Development <netdev@...r.kernel.org>,
bpf <bpf@...r.kernel.org>, LKML <linux-kernel@...r.kernel.org>,
"open list:KERNEL SELFTEST FRAMEWORK"
<linux-kselftest@...r.kernel.org>,
Clang-Built-Linux ML <clang-built-linux@...glegroups.com>
Subject: Re: [PATCH] Replace HTTP links with HTTPS ones: BPF (Safe dynamic
programs and tools)
Am 03.07.20 um 00:08 schrieb Alexei Starovoitov:
> On Thu, Jul 2, 2020 at 1:05 PM Alexander A. Klimov
> <grandmaster@...klimov.de> wrote:
>>
>> Rationale:
>> Reduces attack surface on kernel devs opening the links for MITM
>> as HTTPS traffic is much harder to manipulate.
>>
>> Deterministic algorithm:
>> For each file:
>> If not .svg:
>> For each line:
>> If doesn't contain `\bxmlns\b`:
>> For each link, `\bhttp://[^# \t\r\n]*(?:\w|/)`:
>> If both the HTTP and HTTPS versions
>> return 200 OK and serve the same content:
>> Replace HTTP with HTTPS.
>>
>> Signed-off-by: Alexander A. Klimov <grandmaster@...klimov.de>
>> ---
>> Continuing my work started at 93431e0607e5.
>>
>> If there are any URLs to be removed completely or at least not HTTPSified:
>> Just clearly say so and I'll *undo my change*.
>> See also https://lkml.org/lkml/2020/6/27/64
>>
>> If there are any valid, but yet not changed URLs:
>> See https://lkml.org/lkml/2020/6/26/837
>>
>> Documentation/bpf/bpf_devel_QA.rst | 4 ++--
>> Documentation/bpf/index.rst | 2 +-
>> Documentation/networking/af_xdp.rst | 2 +-
>> Documentation/networking/filter.rst | 2 +-
>> arch/x86/net/bpf_jit_comp.c | 2 +-
>> include/linux/bpf.h | 2 +-
>> include/linux/bpf_verifier.h | 2 +-
>> include/uapi/linux/bpf.h | 2 +-
>> kernel/bpf/arraymap.c | 2 +-
>> kernel/bpf/core.c | 2 +-
>> kernel/bpf/disasm.c | 2 +-
>> kernel/bpf/disasm.h | 2 +-
>> kernel/bpf/hashtab.c | 2 +-
>> kernel/bpf/helpers.c | 2 +-
>> kernel/bpf/syscall.c | 2 +-
>> kernel/bpf/verifier.c | 2 +-
>> kernel/trace/bpf_trace.c | 2 +-
>> lib/test_bpf.c | 2 +-
>> net/core/filter.c | 2 +-
>> samples/bpf/lathist_kern.c | 2 +-
>> samples/bpf/lathist_user.c | 2 +-
>> samples/bpf/sockex3_kern.c | 2 +-
>> samples/bpf/tracex1_kern.c | 2 +-
>> samples/bpf/tracex2_kern.c | 2 +-
>> samples/bpf/tracex3_kern.c | 2 +-
>> samples/bpf/tracex3_user.c | 2 +-
>> samples/bpf/tracex4_kern.c | 2 +-
>> samples/bpf/tracex4_user.c | 2 +-
>> samples/bpf/tracex5_kern.c | 2 +-
>> tools/include/uapi/linux/bpf.h | 2 +-
>> tools/lib/bpf/bpf.c | 2 +-
>> tools/lib/bpf/bpf.h | 2 +-
>> tools/testing/selftests/bpf/test_maps.c | 2 +-
>> tools/testing/selftests/bpf/test_verifier.c | 2 +-
>> 34 files changed, 35 insertions(+), 35 deletions(-)
>
> Nacked-by: Alexei Starovoitov <ast@...nel.org>
>
> Pls don't touch anything bpf related with such changes.
https://lore.kernel.org/linux-doc/20200526060544.25127-1-grandmaster@al2klimov.de/
– merged.
https://lore.kernel.org/linux-doc/20200608181649.74883-1-grandmaster@al2klimov.de/
– applied.
https://lore.kernel.org/linux-doc/20200620075402.22347-1-grandmaster@al2klimov.de/
– applied.
https://lore.kernel.org/linux-doc/20200621133512.46311-1-grandmaster@al2klimov.de/
– applied.
https://lore.kernel.org/linux-doc/20200621133552.46371-1-grandmaster@al2klimov.de/
– applied.
https://lore.kernel.org/linux-doc/20200621133630.46435-1-grandmaster@al2klimov.de/
– applied.
https://lore.kernel.org/linux-doc/20200627103050.71712-1-grandmaster@al2klimov.de/
– applied.
https://lore.kernel.org/linux-doc/20200627103125.71828-1-grandmaster@al2klimov.de/
– reviewed.
https://lore.kernel.org/linux-doc/20200627103151.71942-1-grandmaster@al2klimov.de/
– reviewed.
This one – no, pls not.
Why exactly not? Are these URLs not being opened at all (What they're
doing there then?) or have all who open them the HTTPS everywhere
browser addon installed?
>
Powered by blists - more mailing lists