2020-07-17 18:43:23

by Alexander A. Klimov

Subject: [PATCH] m68k: Replace HTTP links with HTTPS ones

Rationale:
Reduces attack surface on kernel devs opening the links for MITM
as HTTPS traffic is much harder to manipulate.

Deterministic algorithm:
For each file:
If not .svg:
For each line:
If doesn't contain `\bxmlns\b`:
For each link, `\bhttp://[^# \t\r\n]*(?:\w|/)`:
If neither `\bgnu\.org/license`, nor `\bmozilla\.org/MPL\b`:
If both the HTTP and HTTPS versions
return 200 OK and serve the same content:
Replace HTTP with HTTPS.

Signed-off-by: Alexander A. Klimov <[email protected]>
---
Continuing my work started at 93431e0607e5.
See also: git log --oneline '--author=Alexander A. Klimov <[email protected]>' v5.7..master

If there are any URLs to be removed completely
or at least not (just) HTTPSified:
Just clearly say so and I'll *undo my change*.
See also: https://lkml.org/lkml/2020/6/27/64

If there are any valid, but yet not changed URLs:
See: https://lkml.org/lkml/2020/6/26/837

If you apply the patch, please let me know.


arch/m68k/include/asm/mac_via.h | 4 ++--
arch/m68k/mac/config.c | 2 +-
arch/m68k/mac/macboing.c | 2 +-
3 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/arch/m68k/include/asm/mac_via.h b/arch/m68k/include/asm/mac_via.h
index 1149251ea58d..0cbab71f2592 100644
--- a/arch/m68k/include/asm/mac_via.h
+++ b/arch/m68k/include/asm/mac_via.h
@@ -30,7 +30,7 @@
* http://www.rs6000.ibm.com/resource/technology/chrpio/via5.mak.html
* ftp://ftp.austin.ibm.com/pub/technology/spec/chrp/inwork/CHRP_IORef_1.0.pdf
*
- * also, http://developer.apple.com/technotes/hw/hw_09.html claims the
+ * also, https://developer.apple.com/technotes/hw/hw_09.html claims the
* following changes for IIfx:
* VIA1A_vSccWrReq not available and that VIA1A_vSync has moved to an IOP.
* Also, "All of the functionality of VIA2 has been moved to other chips".
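Review bot: The two references left untouched in the context lines above the changed line, the http://www.rs6000.ibm.com/... link and the ftp://ftp.austin.ibm.com/... link, stay on cleartext protocols, and the commit message does not say why. The ftp:// one can never match the `\bhttp://` pattern, and the rs6000 one presumably failed the 200/same-content test; a sentence in the commit message saying that skipped links are left as-is, and that non-HTTP schemes are out of scope, would tell a reader the omission is deliberate.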
@@ -178,7 +178,7 @@
* on others, 0=disable processor's instruction
* and data caches. */

-/* Apple sez: http://developer.apple.com/technotes/ov/ov_04.html
+/* Apple sez: https://developer.apple.com/technotes/ov/ov_04.html
* Another example of a valid function that has no ROM support is the use
* of the alternate video page for page-flipping animation. Since there
* is no ROM call to flip pages, it is necessary to go play with the
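Review bot: The comment starting at "Apple sez:" quotes the technote, so the URL is the citation for that quoted text, and the algorithm's check (HTTP and HTTPS serve the same content) does not establish that the page still contains it. Before applying, confirm that ov_04.html over HTTPS still serves the passage quoted here; if it does not, the link should be left alone or pointed at an archived copy rather than only switched to https.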
diff --git a/arch/m68k/mac/config.c b/arch/m68k/mac/config.c
index 5c9f3a2d6538..6f2eb1dcfc0c 100644
--- a/arch/m68k/mac/config.c
+++ b/arch/m68k/mac/config.c
@@ -240,7 +240,7 @@ static struct mac_model mac_data_table[] = {
* Weirdified Mac II hardware - all subtly different. Gee thanks
* Apple. All these boxes seem to have VIA2 in a different place to
* the Mac II (+1A000 rather than +4000)
- * CSA: see http://developer.apple.com/technotes/hw/hw_09.html
+ * CSA: see https://developer.apple.com/technotes/hw/hw_09.html
*/

{
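Review bot: The "CSA: see" line cites the same hw_09.html technote as the comment changed in arch/m68k/include/asm/mac_via.h, so the two references need to stay identical. Whatever is decided for that URL (keep, upgrade, or replace) should be applied to both files in the same patch.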
diff --git a/arch/m68k/mac/macboing.c b/arch/m68k/mac/macboing.c
index 388780797f7d..a904146dc4e6 100644
--- a/arch/m68k/mac/macboing.c
+++ b/arch/m68k/mac/macboing.c
@@ -116,7 +116,7 @@ static void mac_init_asc( void )
* support 16-bit stereo output, but only mono input."
*
* Technical Information Library (TIL) article number 16405.
- * http://support.apple.com/kb/TA32601
+ * https://support.apple.com/kb/TA32601
*
* --David Kilzer
*/
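Review bot: For the support.apple.com line, the commit message requires both versions to "return 200 OK" but does not say whether the check follows redirects, which decides whether an HTTP URL that merely redirects to its HTTPS form qualifies. Please state the redirect handling in the commit message. The "TIL article number 16405" line above the URL is a locator that does not depend on the link, so it is worth keeping next to it.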
--
2.27.0


2020-07-18 04:27:04

by Finn Thain

Subject: Re: [PATCH] m68k: Replace HTTP links with HTTPS ones

On Fri, 17 Jul 2020, Alexander A. Klimov wrote:

> Rationale:
> Reduces attack surface on kernel devs opening the links for
> MITM as HTTPS traffic is much harder to manipulate.
>

Has that actually happened?

You still need to fix the chain of trust in all the relevant browsers
(unless you're planning to ship root certificates with the kernel source).

Even then, developers using "HTTPS Everywhere" or equivalent will not
benefit from this patch.

And these new links are just as stale as the old ones, so I have to use
web.archive.org anyway. So this patch achieves practically nothing.

> Deterministic algorithm:
> For each file:
> If not .svg:

Are URLs in .svg files not exploitable by MITM attack?

> For each line:
> If doesn't contain `\bxmlns\b`:

Are XML parsers not exploitable by MITM attack?

> For each link, `\bhttp://[^# \t\r\n]*(?:\w|/)`:

Are ftp:// links etc. not exploitable by MITM attack?

> If neither `\bgnu\.org/license`, nor `\bmozilla\.org/MPL\b`:

Should developers be more concerned about MITM attack or lawsuit?

> If both the HTTP and HTTPS versions
> return 200 OK and serve the same content:

...then you have not been MITM attacked.

> Replace HTTP with HTTPS.
>

Will you also require developers to use DNSSEC?

> Signed-off-by: Alexander A. Klimov <[email protected]>
> ---
> Continuing my work started at 93431e0607e5.
> See also: git log --oneline '--author=Alexander A. Klimov <[email protected]>' v5.7..master
>
> If there are any URLs to be removed completely
> or at least not (just) HTTPSified:
> Just clearly say so and I'll *undo my change*.
> See also: https://lkml.org/lkml/2020/6/27/64
>
> If there are any valid, but yet not changed URLs:
> See: https://lkml.org/lkml/2020/6/26/837
>
> If you apply the patch, please let me know.
>
>
> arch/m68k/include/asm/mac_via.h | 4 ++--
> arch/m68k/mac/config.c | 2 +-
> arch/m68k/mac/macboing.c | 2 +-
> 3 files changed, 4 insertions(+), 4 deletions(-)
>
> diff --git a/arch/m68k/include/asm/mac_via.h b/arch/m68k/include/asm/mac_via.h
> index 1149251ea58d..0cbab71f2592 100644
> --- a/arch/m68k/include/asm/mac_via.h
> +++ b/arch/m68k/include/asm/mac_via.h
> @@ -30,7 +30,7 @@
> * http://www.rs6000.ibm.com/resource/technology/chrpio/via5.mak.html
> * ftp://ftp.austin.ibm.com/pub/technology/spec/chrp/inwork/CHRP_IORef_1.0.pdf
> *
> - * also, http://developer.apple.com/technotes/hw/hw_09.html claims the
> + * also, https://developer.apple.com/technotes/hw/hw_09.html claims the
> * following changes for IIfx:
> * VIA1A_vSccWrReq not available and that VIA1A_vSync has moved to an IOP.
> * Also, "All of the functionality of VIA2 has been moved to other chips".
> @@ -178,7 +178,7 @@
> * on others, 0=disable processor's instruction
> * and data caches. */
>
> -/* Apple sez: http://developer.apple.com/technotes/ov/ov_04.html
> +/* Apple sez: https://developer.apple.com/technotes/ov/ov_04.html
> * Another example of a valid function that has no ROM support is the use
> * of the alternate video page for page-flipping animation. Since there
> * is no ROM call to flip pages, it is necessary to go play with the
> diff --git a/arch/m68k/mac/config.c b/arch/m68k/mac/config.c
> index 5c9f3a2d6538..6f2eb1dcfc0c 100644
> --- a/arch/m68k/mac/config.c
> +++ b/arch/m68k/mac/config.c
> @@ -240,7 +240,7 @@ static struct mac_model mac_data_table[] = {
> * Weirdified Mac II hardware - all subtly different. Gee thanks
> * Apple. All these boxes seem to have VIA2 in a different place to
> * the Mac II (+1A000 rather than +4000)
> - * CSA: see http://developer.apple.com/technotes/hw/hw_09.html
> + * CSA: see https://developer.apple.com/technotes/hw/hw_09.html
> */
>
> {
> diff --git a/arch/m68k/mac/macboing.c b/arch/m68k/mac/macboing.c
> index 388780797f7d..a904146dc4e6 100644
> --- a/arch/m68k/mac/macboing.c
> +++ b/arch/m68k/mac/macboing.c
> @@ -116,7 +116,7 @@ static void mac_init_asc( void )
> * support 16-bit stereo output, but only mono input."
> *
> * Technical Information Library (TIL) article number 16405.
> - * http://support.apple.com/kb/TA32601
> + * https://support.apple.com/kb/TA32601
> *
> * --David Kilzer
> */
>

2020-07-18 08:06:14

by Alexander A. Klimov

Subject: Re: [PATCH] m68k: Replace HTTP links with HTTPS ones



On 18.07.20 at 06:25, Finn Thain wrote:
> On Fri, 17 Jul 2020, Alexander A. Klimov wrote:
>
>> Rationale:
>> Reduces attack surface on kernel devs opening the links for
>> MITM as HTTPS traffic is much harder to manipulate.
>>
>
> Has that actually happened?
I hope not. And with my patch it won't happen.

>
> You still need to fix the chain of trust in all the relevant browsers
> (unless you're planning to ship root certificates with the kernel source).
>
> Even then, developers using "HTTPS Everywhere" or equivalent will not
> benefit from this patch.
>
> And these new links are just as stale as the old ones, so I have to use
> web.archive.org anyway. So this patch achieves practically nothing.
Are they broken? I thought they're just redirecting?

>
>> Deterministic algorithm:
>> For each file:
>> If not .svg:
>
> Are URLs in .svg files not exploitable by MITM attack?
They're boilerplates set by Inkscape.

>
>> For each line:
>> If doesn't contain `\bxmlns\b`:
>
> Are XML parsers not exploitable by MITM attack?
They're boilerplates set by Inkscape.

>
>> For each link, `\bhttp://[^# \t\r\n]*(?:\w|/)`:
>
> Are ftp:// links etc. not exploitable by MITM attack?
>
>> If neither `\bgnu\.org/license`, nor `\bmozilla\.org/MPL\b`:
I'll add this to my todo list.

>
> Should developers be more concerned about MITM attack or lawsuit?
They're boilerplates we should replace with SPDX headers instead.

>
>> If both the HTTP and HTTPS versions
>> return 200 OK and serve the same content:
>
> ...then you have not been MITM attacked.
... for now.

>
>> Replace HTTP with HTTPS.
>>
>
> Will you also require developers to use DNSSEC?
*Sigh* ... yes, doing everything one nice day is better than doing just
something right now.
But doing just something right now is better than doing nothing at all.

Wait for v5.9-rc1, run...

>
>> Signed-off-by: Alexander A. Klimov <[email protected]>
>> ---
>> Continuing my work started at 93431e0607e5.
>> See also: git log --oneline '--author=Alexander A. Klimov <[email protected]>' v5.7..master
... this command and see how many maintainers agree with me.

>>
>> If there are any URLs to be removed completely
>> or at least not (just) HTTPSified:
>> Just clearly say so and I'll *undo my change*.
>> See also: https://lkml.org/lkml/2020/6/27/64
>>
>> If there are any valid, but yet not changed URLs:
>> See: https://lkml.org/lkml/2020/6/26/837
>>
>> If you apply the patch, please let me know.
>>
>>
>> arch/m68k/include/asm/mac_via.h | 4 ++--
>> arch/m68k/mac/config.c | 2 +-
>> arch/m68k/mac/macboing.c | 2 +-
>> 3 files changed, 4 insertions(+), 4 deletions(-)
>>
>> diff --git a/arch/m68k/include/asm/mac_via.h b/arch/m68k/include/asm/mac_via.h
>> index 1149251ea58d..0cbab71f2592 100644
>> --- a/arch/m68k/include/asm/mac_via.h
>> +++ b/arch/m68k/include/asm/mac_via.h
>> @@ -30,7 +30,7 @@
>> * http://www.rs6000.ibm.com/resource/technology/chrpio/via5.mak.html
>> * ftp://ftp.austin.ibm.com/pub/technology/spec/chrp/inwork/CHRP_IORef_1.0.pdf
>> *
>> - * also, http://developer.apple.com/technotes/hw/hw_09.html claims the
>> + * also, https://developer.apple.com/technotes/hw/hw_09.html claims the
>> * following changes for IIfx:
>> * VIA1A_vSccWrReq not available and that VIA1A_vSync has moved to an IOP.
>> * Also, "All of the functionality of VIA2 has been moved to other chips".
>> @@ -178,7 +178,7 @@
>> * on others, 0=disable processor's instruction
>> * and data caches. */
>>
>> -/* Apple sez: http://developer.apple.com/technotes/ov/ov_04.html
>> +/* Apple sez: https://developer.apple.com/technotes/ov/ov_04.html
>> * Another example of a valid function that has no ROM support is the use
>> * of the alternate video page for page-flipping animation. Since there
>> * is no ROM call to flip pages, it is necessary to go play with the
>> diff --git a/arch/m68k/mac/config.c b/arch/m68k/mac/config.c
>> index 5c9f3a2d6538..6f2eb1dcfc0c 100644
>> --- a/arch/m68k/mac/config.c
>> +++ b/arch/m68k/mac/config.c
>> @@ -240,7 +240,7 @@ static struct mac_model mac_data_table[] = {
>> * Weirdified Mac II hardware - all subtly different. Gee thanks
>> * Apple. All these boxes seem to have VIA2 in a different place to
>> * the Mac II (+1A000 rather than +4000)
>> - * CSA: see http://developer.apple.com/technotes/hw/hw_09.html
>> + * CSA: see https://developer.apple.com/technotes/hw/hw_09.html
>> */
>>
>> {
>> diff --git a/arch/m68k/mac/macboing.c b/arch/m68k/mac/macboing.c
>> index 388780797f7d..a904146dc4e6 100644
>> --- a/arch/m68k/mac/macboing.c
>> +++ b/arch/m68k/mac/macboing.c
>> @@ -116,7 +116,7 @@ static void mac_init_asc( void )
>> * support 16-bit stereo output, but only mono input."
>> *
>> * Technical Information Library (TIL) article number 16405.
>> - * http://support.apple.com/kb/TA32601
>> + * https://support.apple.com/kb/TA32601
>> *
>> * --David Kilzer
>> */
>>

2020-07-19 07:51:40

by Finn Thain

Subject: Re: [PATCH] m68k: Replace HTTP links with HTTPS ones

On Sat, 18 Jul 2020, Alexander A. Klimov wrote:

> *Sigh* ... yes, doing everything one nice day is better than doing just
> something right now.

I wasn't saying "do everything possible or else do nothing". I was trying
to point to the larger problem. The http links in the kernel source hardly
seem to matter when nothing I read on HTTPS links is trustworthy.

> But doing just something right now is better than doing nothing at all.
>

HTTPS is not new. MITM attack is as old as the Byzantian hills. Your
rationale for doing "something right now" is apparently that you trust the
people who maintain "kernel developers" browsers but mistrust the people
who maintain some network links and switches. That's fine and you should
set your policy accordingly. But you should not be surprised if others
have different threat models -- especially when you fail to offer an
actual case where this patch might have helped.

2020-07-19 08:44:54

by Alexander A. Klimov

Subject: Re: [PATCH] m68k: Replace HTTP links with HTTPS ones



On 19.07.20 at 09:51, Finn Thain wrote:
> On Sat, 18 Jul 2020, Alexander A. Klimov wrote:
>
>> *Sigh* ... yes, doing everything one nice day is better than doing just
>> something right now.
>
> I wasn't saying "do everything possible or else do nothing". I was trying
> to point to the larger problem. The http links in the kernel source hardly
> seem to matter when nothing I read on HTTPS links is trustworthy.
>
>> But doing just something right now is better than doing nothing at all.
>>
>
> HTTPS is not new. MITM attack is as old as the Byzantian hills. Your
> rationale for doing "something right now" is apparently that you trust the
> people who maintain "kernel developers" browsers but mistrust the people
> who maintain some network links and switches. That's fine and you should
> set your policy accordingly. But you should not be surprised if others
> have different threat models -- especially when you fail to offer an
> actual case where this patch might have helped.
>
Really, I'm not interested in debates on principles here.

Just tell me either of these:

* You'll apply these changes of mine as-is
* You won't apply these changes of mine at all
* I shall undo particular changes (which ones?) and/or change the commit
message (how?) before you apply the others

Thx.

2020-07-20 00:05:52

by Finn Thain

Subject: Re: [PATCH] m68k: Replace HTTP links with HTTPS ones

On Sun, 19 Jul 2020, Alexander A. Klimov wrote:

> Just tell me either of these:
>
> * You'll apply these changes of mine as-is
> * You won't apply these changes of mine at all
> * I shall undo particular changes (which ones?) and/or change the commit
> message (how?) before you apply the others
>

That's up to Geert or Joshua, as they are the official maintainers.

2020-08-26 08:52:26

by Geert Uytterhoeven

Subject: Re: [PATCH] m68k: Replace HTTP links with HTTPS ones

Hi Alexander,

Thanks for your patch!

On Fri, Jul 17, 2020 at 8:42 PM Alexander A. Klimov
<[email protected]> wrote:
> Rationale:
> Reduces attack surface on kernel devs opening the links for MITM
> as HTTPS traffic is much harder to manipulate.
>
> Deterministic algorithm:
> For each file:
> If not .svg:
> For each line:
> If doesn't contain `\bxmlns\b`:
> For each link, `\bhttp://[^# \t\r\n]*(?:\w|/)`:
> If neither `\bgnu\.org/license`, nor `\bmozilla\.org/MPL\b`:
> If both the HTTP and HTTPS versions
> return 200 OK and serve the same content:

Something must be wrong with your script, as several of them return
"301 Moved Permanently" instead of "200 OK".

> Replace HTTP with HTTPS.
>
> Signed-off-by: Alexander A. Klimov <[email protected]>

> --- a/arch/m68k/include/asm/mac_via.h
> +++ b/arch/m68k/include/asm/mac_via.h
> @@ -30,7 +30,7 @@
> * http://www.rs6000.ibm.com/resource/technology/chrpio/via5.mak.html
> * ftp://ftp.austin.ibm.com/pub/technology/spec/chrp/inwork/CHRP_IORef_1.0.pdf
> *
> - * also, http://developer.apple.com/technotes/hw/hw_09.html claims the
> + * also, https://developer.apple.com/technotes/hw/hw_09.html claims the

No longer contains the original content. Perhaps it should be replaced by
https://web.archive.org/web/20041012040104/http://developer.apple.com/technotes/hw/hw_09.html
instead?

> * following changes for IIfx:
> * VIA1A_vSccWrReq not available and that VIA1A_vSync has moved to an IOP.
> * Also, "All of the functionality of VIA2 has been moved to other chips".
> @@ -178,7 +178,7 @@
> * on others, 0=disable processor's instruction
> * and data caches. */
>
> -/* Apple sez: http://developer.apple.com/technotes/ov/ov_04.html
> +/* Apple sez: https://developer.apple.com/technotes/ov/ov_04.html

Probably the same, didn't bother to dive into web.archive.org.

> * Another example of a valid function that has no ROM support is the use
> * of the alternate video page for page-flipping animation. Since there
> * is no ROM call to flip pages, it is necessary to go play with the
> diff --git a/arch/m68k/mac/config.c b/arch/m68k/mac/config.c
> index 5c9f3a2d6538..6f2eb1dcfc0c 100644
> --- a/arch/m68k/mac/config.c
> +++ b/arch/m68k/mac/config.c
> @@ -240,7 +240,7 @@ static struct mac_model mac_data_table[] = {
> * Weirdified Mac II hardware - all subtly different. Gee thanks
> * Apple. All these boxes seem to have VIA2 in a different place to
> * the Mac II (+1A000 rather than +4000)
> - * CSA: see http://developer.apple.com/technotes/hw/hw_09.html
> + * CSA: see https://developer.apple.com/technotes/hw/hw_09.html

Same as above.

> */
>
> {
> diff --git a/arch/m68k/mac/macboing.c b/arch/m68k/mac/macboing.c
> index 388780797f7d..a904146dc4e6 100644
> --- a/arch/m68k/mac/macboing.c
> +++ b/arch/m68k/mac/macboing.c
> @@ -116,7 +116,7 @@ static void mac_init_asc( void )
> * support 16-bit stereo output, but only mono input."
> *
> * Technical Information Library (TIL) article number 16405.
> - * http://support.apple.com/kb/TA32601
> + * https://support.apple.com/kb/TA32601

This change is fine. Actually the old URL returns 301 to point to the
new URL ;-)

Gr{oetje,eeting}s,

Geert

--
Geert Uytterhoeven -- There's lots of Linux beyond ia32 -- [email protected]

In personal conversations with technical people, I call myself a hacker. But
when I'm talking to journalists I just say "programmer" or something like that.
-- Linus Torvalds
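
The "Deterministic algorithm" from the commit message, and the strict reading of its "200 OK" condition that the 301 remark above refers to, written out as an added Python example; it is not the script the patch author used. The fetcher interface, the `.example` hosts and their responses are constructed assumptions, and the licence exclusion is assumed to apply to the link itself.

```python
import re
from typing import Callable, NamedTuple

# Patterns copied verbatim from the commit message's algorithm.
LINK_RE = re.compile(r'\bhttp://[^# \t\r\n]*(?:\w|/)')
XMLNS_RE = re.compile(r'\bxmlns\b')
LICENSE_RE = re.compile(r'\bgnu\.org/license|\bmozilla\.org/MPL\b')

class Response(NamedTuple):
    status: int
    body: bytes

# Assumed fetcher contract: return the first response for a URL and do NOT
# follow redirects, so a 301 is seen as 301 rather than as the final 200.
Fetch = Callable[[str], Response]

def to_https(url: str) -> str:
    return 'https://' + url[len('http://'):]

def should_upgrade(url: str, fetch: Fetch) -> bool:
    """Both schemes must answer 200 OK with byte-identical bodies."""
    plain, secure = fetch(url), fetch(to_https(url))
    return (plain.status == 200 and secure.status == 200
            and plain.body == secure.body)

def rewrite_line(line: str, fetch: Fetch) -> str:
    if XMLNS_RE.search(line):            # XML namespace identifiers stay as-is
        return line
    def repl(match):
        url = match.group(0)
        # Assumption: the licence exclusion is tested against the link itself.
        if LICENSE_RE.search(url) or not should_upgrade(url, fetch):
            return url
        return to_https(url)
    return LINK_RE.sub(repl, line)

def rewrite_file(path: str, text: str, fetch: Fetch) -> str:
    if path.endswith('.svg'):            # whole file skipped
        return text
    lines = text.splitlines(keepends=True)
    return ''.join(rewrite_line(line, fetch) for line in lines)

# Constructed responses for reserved .example hosts (not real measurements).
FAKE_WEB = {
    'http://same.example/doc.html': Response(200, b'spec'),
    'https://same.example/doc.html': Response(200, b'spec'),
    'http://moved.example/kb/1': Response(301, b''),
    'https://moved.example/kb/1': Response(200, b'article'),
    'http://changed.example/note.html': Response(200, b'old note'),
    'https://changed.example/note.html': Response(200, b'landing page'),
}

def fake_fetch(url: str) -> Response:
    return FAKE_WEB.get(url, Response(404, b''))

# Constructed input in the style of the kernel comments in the patch.
SAMPLE = (
    ' * see http://same.example/doc.html for details\n'
    ' * http://moved.example/kb/1\n'
    ' * also, http://changed.example/note.html claims the\n'
    ' * ftp://ftp.example/pub/spec.pdf\n'
    ' * license: http://www.gnu.org/licenses/gpl.html\n'
    '<svg xmlns="http://www.w3.org/2000/svg">\n'
)
```

Calling `rewrite_file('arch/demo/demo.c', SAMPLE, fake_fetch)` rewrites only the `same.example` link: the 301 host and the host whose HTTPS body differs both fail the check, and the ftp://, licence and xmlns lines are never candidates.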

2020-08-26 18:53:36

by Alexander A. Klimov

Subject: [PATCH v2] m68k: Replace HTTP links with HTTPS ones

Rationale:
Reduces attack surface on kernel devs opening the links for MITM
as HTTPS traffic is much harder to manipulate.

Deterministic algorithm:
For each file:
If not .svg:
For each line:
If doesn't contain `\bxmlns\b`:
For each link, `\bhttp://[^# \t\r\n]*(?:\w|/)`:
If neither `\bgnu\.org/license`, nor `\bmozilla\.org/MPL\b`:
If both the HTTP and HTTPS versions
return 200 OK and serve the same content:
Replace HTTP with HTTPS.

Signed-off-by: Alexander A. Klimov <[email protected]>
---
v2: Thrown out de facto broken links.
archive.org-ing is on my TODO list, but beyond this project's scope.

arch/m68k/mac/macboing.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/arch/m68k/mac/macboing.c b/arch/m68k/mac/macboing.c
index 388780797f7d..a904146dc4e6 100644
--- a/arch/m68k/mac/macboing.c
+++ b/arch/m68k/mac/macboing.c
@@ -116,7 +116,7 @@ static void mac_init_asc( void )
* support 16-bit stereo output, but only mono input."
*
* Technical Information Library (TIL) article number 16405.
- * http://support.apple.com/kb/TA32601
+ * https://support.apple.com/kb/TA32601
*
* --David Kilzer
*/
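Review bot: The v2 commit message still presents the change as the output of the deterministic algorithm alone, while the note under the "---" line says de facto broken links were thrown out, and that note is dropped when the patch is applied. Consider moving one sentence about the dropped links into the commit message proper, so the history explains why only the macboing.c URL was changed.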
--
2.27.0

2020-08-27 07:40:40

by Geert Uytterhoeven

Subject: Re: [PATCH v2] m68k: Replace HTTP links with HTTPS ones

On Wed, Aug 26, 2020 at 8:52 PM Alexander A. Klimov
<[email protected]> wrote:
> Rationale:
> Reduces attack surface on kernel devs opening the links for MITM
> as HTTPS traffic is much harder to manipulate.
>
> Deterministic algorithm:
> For each file:
> If not .svg:
> For each line:
> If doesn't contain `\bxmlns\b`:
> For each link, `\bhttp://[^# \t\r\n]*(?:\w|/)`:
> If neither `\bgnu\.org/license`, nor `\bmozilla\.org/MPL\b`:
> If both the HTTP and HTTPS versions
> return 200 OK and serve the same content:
> Replace HTTP with HTTPS.
>
> Signed-off-by: Alexander A. Klimov <[email protected]>
> ---
> v2: Thrown out de facto broken links.
> archive.org-ing is on my TODO list, but beyond this project's scope.

Reviewed-by: Geert Uytterhoeven <[email protected]>
i.e. will queue in the m68k for-v5.10 branch.

Gr{oetje,eeting}s,

Geert
