Re: [PATCH] Replace HTTP links with HTTPS ones: security

2020-07-07 Thread James Morris 
On Sun, 5 Jul 2020, Alexander A. Klimov wrote:

> Rationale:
> Reduces attack surface on kernel devs opening the links for MITM
> as HTTPS traffic is much harder to manipulate.
> 
> Deterministic algorithm:
> For each file:
>   If not .svg:
> For each line:
>   If doesn't contain `\bxmlns\b`:
> For each link, `\bhttp://[^# \t\r\n]*(?:\w|/)`:
>   If both the HTTP and HTTPS versions
>   return 200 OK and serve the same content:
> Replace HTTP with HTTPS.
> 
> Signed-off-by: Alexander A. Klimov 

Thanks.

Applied to 
git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security.git 
next-general


-- 
James Morris

Re: [PATCH] Replace HTTP links with HTTPS ones: security

2020-07-05 Thread John Johansen 
On 7/5/20 2:45 PM, Alexander A. Klimov wrote:
> Rationale:
> Reduces attack surface on kernel devs opening the links for MITM
> as HTTPS traffic is much harder to manipulate.
> 
> Deterministic algorithm:
> For each file:
>   If not .svg:
> For each line:
>   If doesn't contain `\bxmlns\b`:
> For each link, `\bhttp://[^# \t\r\n]*(?:\w|/)`:
>   If both the HTTP and HTTPS versions
>   return 200 OK and serve the same content:
> Replace HTTP with HTTPS.
> 
> Signed-off-by: Alexander A. Klimov 

I went through and double checked all the https urls are good

Acked-by: John Johansen 

> ---
>  Continuing my work started at 93431e0607e5.
> 
>  If there are any URLs to be removed completely or at least not HTTPSified:
>  Just clearly say so and I'll *undo my change*.
>  See also https://lkml.org/lkml/2020/6/27/64
> 
>  If there are any valid, but yet not changed URLs:
>  See https://lkml.org/lkml/2020/6/26/837
> 
>  security/Kconfig | 2 +-
>  security/apparmor/Kconfig| 2 +-
>  security/integrity/ima/Kconfig   | 2 +-
>  security/integrity/ima/ima_template.c| 2 +-
>  security/integrity/ima/ima_template_lib.c| 2 +-
>  security/integrity/ima/ima_template_lib.h| 2 +-
>  security/keys/encrypted-keys/ecryptfs_format.c   | 2 +-
>  security/keys/encrypted-keys/ecryptfs_format.h   | 2 +-
>  security/keys/encrypted-keys/encrypted.c | 2 +-
>  security/keys/encrypted-keys/masterkey_trusted.c | 2 +-
>  10 files changed, 10 insertions(+), 10 deletions(-)
> 
> diff --git a/security/Kconfig b/security/Kconfig
> index cd3cc7da3a55..7561f6f99f1d 100644
> --- a/security/Kconfig
> +++ b/security/Kconfig
> @@ -118,7 +118,7 @@ config INTEL_TXT
> it was configured with, especially since they may be responsible for
> providing such assurances to VMs and services running on it.
>  
> -   See  for more information
> +   See  for more information
> about Intel(R) TXT.
> See  for more information about tboot.
> See Documentation/x86/intel_txt.rst for a description of how to enable
> diff --git a/security/apparmor/Kconfig b/security/apparmor/Kconfig
> index 03fae1bd48a6..348ed6cfa08a 100644
> --- a/security/apparmor/Kconfig
> +++ b/security/apparmor/Kconfig
> @@ -77,7 +77,7 @@ config SECURITY_APPARMOR_KUNIT_TEST
> This builds the AppArmor KUnit tests.
>  
> KUnit tests run during boot and output the results to the debug log
> -   in TAP format (http://testanything.org/). Only useful for kernel devs
> +   in TAP format (https://testanything.org/). Only useful for kernel devs
> running KUnit test harness and are not for inclusion into a
> production build.
>  
> diff --git a/security/integrity/ima/Kconfig b/security/integrity/ima/Kconfig
> index edde88dbe576..6a5e4a77601b 100644
> --- a/security/integrity/ima/Kconfig
> +++ b/security/integrity/ima/Kconfig
> @@ -26,7 +26,7 @@ config IMA
> an aggregate integrity value over this list inside the
> TPM hardware, so that the TPM can prove to a third party
> whether or not critical system files have been modified.
> -   Read 
> +   Read 
> to learn more about IMA.
> If unsure, say N.
>  
> diff --git a/security/integrity/ima/ima_template.c 
> b/security/integrity/ima/ima_template.c
> index 5a2def40a733..1e89e2d3851f 100644
> --- a/security/integrity/ima/ima_template.c
> +++ b/security/integrity/ima/ima_template.c
> @@ -1,7 +1,7 @@
>  // SPDX-License-Identifier: GPL-2.0-only
>  /*
>   * Copyright (C) 2013 Politecnico di Torino, Italy
> - *TORSEC group -- http://security.polito.it
> + *TORSEC group -- https://security.polito.it
>   *
>   * Author: Roberto Sassu 
>   *
> diff --git a/security/integrity/ima/ima_template_lib.c 
> b/security/integrity/ima/ima_template_lib.c
> index 635c6ac05050..41a5f435b793 100644
> --- a/security/integrity/ima/ima_template_lib.c
> +++ b/security/integrity/ima/ima_template_lib.c
> @@ -1,7 +1,7 @@
>  // SPDX-License-Identifier: GPL-2.0-only
>  /*
>   * Copyright (C) 2013 Politecnico di Torino, Italy
> - *TORSEC group -- http://security.polito.it
> + *TORSEC group -- https://security.polito.it
>   *
>   * Author: Roberto Sassu 
>   *
> diff --git a/security/integrity/ima/ima_template_lib.h 
> b/security/integrity/ima/ima_template_lib.h
> index 9a88c79a7a61..6b3b880637a0 100644
> --- a/security/integrity/ima/ima_template_lib.h
> +++ b/security/integrity/ima/ima_template_lib.h
> @@ -1,7 +1,7 @@
>  /* SPDX-License-Identifier: GPL-2.0-only */
>  /*
>   * Copyright (C) 2013 Politecnico di Torino,