Re: [PATCH] Replace HTTP links with HTTPS ones: BPF (Safe dynamic programs and tools)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 





Am 03.07.20 um 00:08 schrieb Alexei Starovoitov:
On Thu, Jul 2, 2020 at 1:05 PM Alexander A. Klimov
<grandmaster@xxxxxxxxxxxx> wrote:

Rationale:
Reduces attack surface on kernel devs opening the links for MITM
as HTTPS traffic is much harder to manipulate.

Deterministic algorithm:
For each file:
   If not .svg:
     For each line:
       If doesn't contain `\bxmlns\b`:
         For each link, `\bhttp://[^# \t\r\n]*(?:\w|/)`:
           If both the HTTP and HTTPS versions
           return 200 OK and serve the same content:
             Replace HTTP with HTTPS.

Signed-off-by: Alexander A. Klimov <grandmaster@xxxxxxxxxxxx>
---
  Continuing my work started at 93431e0607e5.

  If there are any URLs to be removed completely or at least not HTTPSified:
  Just clearly say so and I'll *undo my change*.
  See also https://lkml.org/lkml/2020/6/27/64

  If there are any valid, but yet not changed URLs:
  See https://lkml.org/lkml/2020/6/26/837

  Documentation/bpf/bpf_devel_QA.rst          | 4 ++--
  Documentation/bpf/index.rst                 | 2 +-
  Documentation/networking/af_xdp.rst         | 2 +-
  Documentation/networking/filter.rst         | 2 +-
  arch/x86/net/bpf_jit_comp.c                 | 2 +-
  include/linux/bpf.h                         | 2 +-
  include/linux/bpf_verifier.h                | 2 +-
  include/uapi/linux/bpf.h                    | 2 +-
  kernel/bpf/arraymap.c                       | 2 +-
  kernel/bpf/core.c                           | 2 +-
  kernel/bpf/disasm.c                         | 2 +-
  kernel/bpf/disasm.h                         | 2 +-
  kernel/bpf/hashtab.c                        | 2 +-
  kernel/bpf/helpers.c                        | 2 +-
  kernel/bpf/syscall.c                        | 2 +-
  kernel/bpf/verifier.c                       | 2 +-
  kernel/trace/bpf_trace.c                    | 2 +-
  lib/test_bpf.c                              | 2 +-
  net/core/filter.c                           | 2 +-
  samples/bpf/lathist_kern.c                  | 2 +-
  samples/bpf/lathist_user.c                  | 2 +-
  samples/bpf/sockex3_kern.c                  | 2 +-
  samples/bpf/tracex1_kern.c                  | 2 +-
  samples/bpf/tracex2_kern.c                  | 2 +-
  samples/bpf/tracex3_kern.c                  | 2 +-
  samples/bpf/tracex3_user.c                  | 2 +-
  samples/bpf/tracex4_kern.c                  | 2 +-
  samples/bpf/tracex4_user.c                  | 2 +-
  samples/bpf/tracex5_kern.c                  | 2 +-
  tools/include/uapi/linux/bpf.h              | 2 +-
  tools/lib/bpf/bpf.c                         | 2 +-
  tools/lib/bpf/bpf.h                         | 2 +-
  tools/testing/selftests/bpf/test_maps.c     | 2 +-
  tools/testing/selftests/bpf/test_verifier.c | 2 +-
  34 files changed, 35 insertions(+), 35 deletions(-)

Nacked-by: Alexei Starovoitov <ast@xxxxxxxxxx>

Pls don't touch anything bpf related with such changes.
https://lore.kernel.org/linux-doc/20200526060544.25127-1-grandmaster@xxxxxxxxxxxx/
– merged.

https://lore.kernel.org/linux-doc/20200608181649.74883-1-grandmaster@xxxxxxxxxxxx/
– applied.

https://lore.kernel.org/linux-doc/20200620075402.22347-1-grandmaster@xxxxxxxxxxxx/
– applied.

https://lore.kernel.org/linux-doc/20200621133512.46311-1-grandmaster@xxxxxxxxxxxx/
– applied.

https://lore.kernel.org/linux-doc/20200621133552.46371-1-grandmaster@xxxxxxxxxxxx/
– applied.

https://lore.kernel.org/linux-doc/20200621133630.46435-1-grandmaster@xxxxxxxxxxxx/
– applied.

https://lore.kernel.org/linux-doc/20200627103050.71712-1-grandmaster@xxxxxxxxxxxx/
– applied.

https://lore.kernel.org/linux-doc/20200627103125.71828-1-grandmaster@xxxxxxxxxxxx/
– reviewed.

https://lore.kernel.org/linux-doc/20200627103151.71942-1-grandmaster@xxxxxxxxxxxx/
– reviewed.

This one – no, pls not.

Why exactly not? Are these URLs not being opened at all (What they're doing there then?) or have all who open them the HTTPS everywhere browser addon installed?





[Index of Archives]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Linux FS]     [Yosemite Forum]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]     [Linux Resources]

  Powered by Linux