Received: by 2002:a05:6902:102b:0:0:0:0 with SMTP id x11csp3999308ybt; Sun, 5 Jul 2020 13:26:41 -0700 (PDT) X-Google-Smtp-Source: ABdhPJyLGOkaBiyunQaOG/juI0NNwsNClcmhSjHFDAJvir+OcunaRFOF4e4rWewtg0vEFDAoNo0H X-Received: by 2002:a50:f01d:: with SMTP id r29mr52480469edl.158.1593980801175; Sun, 05 Jul 2020 13:26:41 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1593980801; cv=none; d=google.com; s=arc-20160816; b=MKZzLPgrDCJxJM1IhxDhPOwggk36qjbhFNTJ0rze9heInmvbL6ZgQ9ym9l7pOuHyFT oGyrztNlGdcrZQ6bEjwzsXqTsXZXWyeVrpjgsQNw/r+8PpNALFVKcoCU/l723y1exCl2 7XFMnuYPmWYVs7g6WGUxJLHHBtzmDDuD35CLWvhBBSH9CPSDcvgWrW2sJd6zMQobkIaV pDhmstPBIDo73vpdNSiwePzaUBHt+RfmfVGX3cUUP7kKxrjqd5rFlRRYCqpPrOa89MkJ g2jLeajt6Zp91mE1AFWmckBIkSDQwV1ryvbxnSZqNqQ5YQ4GT5Hd2NtD1r4r7jHOBSrm orug== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :organization:references:in-reply-to:message-id:subject:cc:to:from :date; bh=gcGQSqbN33BefEEYk6BLtFFZl10jWqIGmsFKAzVmKN4=; b=1JBaaXMIgTwLckKFFTWNAc3NMTiFqtRBltsg4An/29tG1fSi19pBq31FsDZEE9xyvm 1hiwIDKahxGwZAInamYmmPo/n22T+JCLeyM47P1GEz+r8OaCdgzftYezMvRVimzBrNpB hevaJkBYuVXWRpjTqm/twMlR7ta31RuV3VV/U9/vJsgPq+AnSWAc/y3UUMu0DQLgSSxi JPwg5H1cLGSu10TWd5LHLYE47NR7jtnuEGTSBj0nYUr0lKtLDkpCmddA4D7X+IzGiCQd 7hYCnzRUBCop0CZ6d9FebeBmLUjThIr/ag8Xnz9DBQQd9EycgDo7BN5R541s7P6td4ml 4yBA== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id de2si11642617edb.198.2020.07.05.13.26.18; Sun, 05 Jul 2020 13:26:41 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728319AbgGEUZH (ORCPT + 99 others); Sun, 5 Jul 2020 16:25:07 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:59000 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1728262AbgGEUZH (ORCPT ); Sun, 5 Jul 2020 16:25:07 -0400 Received: from ms.lwn.net (ms.lwn.net [IPv6:2600:3c01:e000:3a1::42]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id A1F3AC061794; Sun, 5 Jul 2020 13:25:07 -0700 (PDT) Received: from lwn.net (localhost [127.0.0.1]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ms.lwn.net (Postfix) with ESMTPSA id 309A42E4; Sun, 5 Jul 2020 20:25:07 +0000 (UTC) Date: Sun, 5 Jul 2020 14:25:06 -0600 From: Jonathan Corbet To: "Alexander A. Klimov" Cc: sfrench@samba.org, linux-cifs@vger.kernel.org, samba-technical@lists.samba.org, linux-doc@vger.kernel.org, linux-kernel@vger.kernel.org Subject: Re: [PATCH] Replace HTTP links with HTTPS ones: CIFS Message-ID: <20200705142506.1f26a7e0@lwn.net> In-Reply-To: <20200627103125.71828-1-grandmaster@al2klimov.de> References: <20200627103125.71828-1-grandmaster@al2klimov.de> Organization: LWN.net MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Sat, 27 Jun 2020 12:31:25 +0200 "Alexander A. Klimov" wrote: > Rationale: > Reduces attack surface on kernel devs opening the links for MITM > as HTTPS traffic is much harder to manipulate. > > Deterministic algorithm: > For each file: > If not .svg: > For each line: > If doesn't contain `\bxmlns\b`: > For each link, `\bhttp://[^# \t\r\n]*(?:\w|/)`: > If both the HTTP and HTTPS versions > return 200 OK and serve the same content: > Replace HTTP with HTTPS. > > Signed-off-by: Alexander A. Klimov Applied but... > --- > If there are any URLs to be removed completely or at least not HTTPSified: > Just clearly say so and I'll *undo my change*. > See also https://lkml.org/lkml/2020/6/27/64 > > If there are any valid, but yet not changed URLs: > See https://lkml.org/lkml/2020/6/26/837 > > Documentation/admin-guide/cifs/todo.rst | 2 +- > Documentation/admin-guide/cifs/usage.rst | 6 +++--- > Documentation/admin-guide/cifs/winucase_convert.pl | 2 +- > fs/cifs/cifsacl.c | 4 ++-- > fs/cifs/cifsglob.h | 2 +- > fs/cifs/winucase.c | 2 +- > 6 files changed, 9 insertions(+), 9 deletions(-) > > diff --git a/Documentation/admin-guide/cifs/todo.rst b/Documentation/admin-guide/cifs/todo.rst > index 084c25f92dcb..25f11576e7b9 100644 > --- a/Documentation/admin-guide/cifs/todo.rst > +++ b/Documentation/admin-guide/cifs/todo.rst > @@ -98,7 +98,7 @@ x) Finish support for SMB3.1.1 compression > Known Bugs > ========== > > -See http://bugzilla.samba.org - search on product "CifsVFS" for > +See https://bugzilla.samba.org - search on product "CifsVFS" for > current bug list. Also check http://bugzilla.kernel.org (Product = File System, Component = CIFS) > > 1) existing symbolic links (Windows reparse points) are recognized but > diff --git a/Documentation/admin-guide/cifs/usage.rst b/Documentation/admin-guide/cifs/usage.rst > index d3fb67b8a976..4abaea40dfd1 100644 > --- a/Documentation/admin-guide/cifs/usage.rst > +++ b/Documentation/admin-guide/cifs/usage.rst > @@ -17,7 +17,7 @@ standard for interoperating between Macs and Windows and major NAS appliances. > Please see > MS-SMB2 (for detailed SMB2/SMB3/SMB3.1.1 protocol specification) > http://protocolfreedom.org/ and ...it only took a cursory check to see that this is a spam site. A patch that claims to improve security should surely take something like that out. I guess I'll add a patch doing that now... jon