Thread (3 messages) 3 messages, 3 authors, 2020-07-05

Re: [PATCH] Replace HTTP links with HTTPS ones: CIFS

From: Jonathan Corbet <corbet@lwn.net>
Date: 2020-07-05 20:25:09
Also in: linux-cifs, lkml

On Sat, 27 Jun 2020 12:31:25 +0200
"Alexander A. Klimov" [off-list ref] wrote:
Rationale:
Reduces attack surface on kernel devs opening the links for MITM
as HTTPS traffic is much harder to manipulate.

Deterministic algorithm:
For each file:
  If not .svg:
    For each line:
      If doesn't contain `\bxmlns\b`:
        For each link, `\bhttp://[^# \t\r\n]*(?:\w|/)`:
          If both the HTTP and HTTPS versions
          return 200 OK and serve the same content:
            Replace HTTP with HTTPS.

Signed-off-by: Alexander A. Klimov <redacted>
Applied but...
quoted hunk ↗ jump to hunk
---
 If there are any URLs to be removed completely or at least not HTTPSified:
 Just clearly say so and I'll *undo my change*.
 See also https://lkml.org/lkml/2020/6/27/64

 If there are any valid, but yet not changed URLs:
 See https://lkml.org/lkml/2020/6/26/837

 Documentation/admin-guide/cifs/todo.rst            | 2 +-
 Documentation/admin-guide/cifs/usage.rst           | 6 +++---
 Documentation/admin-guide/cifs/winucase_convert.pl | 2 +-
 fs/cifs/cifsacl.c                                  | 4 ++--
 fs/cifs/cifsglob.h                                 | 2 +-
 fs/cifs/winucase.c                                 | 2 +-
 6 files changed, 9 insertions(+), 9 deletions(-)
diff --git a/Documentation/admin-guide/cifs/todo.rst b/Documentation/admin-guide/cifs/todo.rst
index 084c25f92dcb..25f11576e7b9 100644
--- a/Documentation/admin-guide/cifs/todo.rst
+++ b/Documentation/admin-guide/cifs/todo.rst
@@ -98,7 +98,7 @@ x) Finish support for SMB3.1.1 compression
 Known Bugs
 ==========
 
-See http://bugzilla.samba.org - search on product "CifsVFS" for
+See https://bugzilla.samba.org - search on product "CifsVFS" for
 current bug list.  Also check http://bugzilla.kernel.org (Product = File System, Component = CIFS)
 
 1) existing symbolic links (Windows reparse points) are recognized but
diff --git a/Documentation/admin-guide/cifs/usage.rst b/Documentation/admin-guide/cifs/usage.rst
index d3fb67b8a976..4abaea40dfd1 100644
--- a/Documentation/admin-guide/cifs/usage.rst
+++ b/Documentation/admin-guide/cifs/usage.rst
@@ -17,7 +17,7 @@ standard for interoperating between Macs and Windows and major NAS appliances.
 Please see
 MS-SMB2 (for detailed SMB2/SMB3/SMB3.1.1 protocol specification)
 http://protocolfreedom.org/ and
...it only took a cursory check to see that this is a spam site.  A patch
that claims to improve security should surely take something like that
out.  I guess I'll add a patch doing that now...

jon
Keyboard shortcuts
hback out one level
jnext message in thread
kprevious message in thread
ldrill in
Escclose help / fold thread tree
?toggle this help