Message ID | 20200705214512.28498-1-grandmaster@al2klimov.de (mailing list archive) |
---|---|
State | New, archived |
Headers | show |
Series | Replace HTTP links with HTTPS ones: security | expand |
On 7/5/20 2:45 PM, Alexander A. Klimov wrote: > Rationale: > Reduces attack surface on kernel devs opening the links for MITM > as HTTPS traffic is much harder to manipulate. > > Deterministic algorithm: > For each file: > If not .svg: > For each line: > If doesn't contain `\bxmlns\b`: > For each link, `\bhttp://[^# \t\r\n]*(?:\w|/)`: > If both the HTTP and HTTPS versions > return 200 OK and serve the same content: > Replace HTTP with HTTPS. > > Signed-off-by: Alexander A. Klimov <grandmaster@al2klimov.de> I went through and double checked all the https urls are good Acked-by: John Johansen <john.johansen@canonical.com> > --- > Continuing my work started at 93431e0607e5. > > If there are any URLs to be removed completely or at least not HTTPSified: > Just clearly say so and I'll *undo my change*. > See also https://lkml.org/lkml/2020/6/27/64 > > If there are any valid, but yet not changed URLs: > See https://lkml.org/lkml/2020/6/26/837 > > security/Kconfig | 2 +- > security/apparmor/Kconfig | 2 +- > security/integrity/ima/Kconfig | 2 +- > security/integrity/ima/ima_template.c | 2 +- > security/integrity/ima/ima_template_lib.c | 2 +- > security/integrity/ima/ima_template_lib.h | 2 +- > security/keys/encrypted-keys/ecryptfs_format.c | 2 +- > security/keys/encrypted-keys/ecryptfs_format.h | 2 +- > security/keys/encrypted-keys/encrypted.c | 2 +- > security/keys/encrypted-keys/masterkey_trusted.c | 2 +- > 10 files changed, 10 insertions(+), 10 deletions(-) > > diff --git a/security/Kconfig b/security/Kconfig > index cd3cc7da3a55..7561f6f99f1d 100644 > --- a/security/Kconfig > +++ b/security/Kconfig > @@ -118,7 +118,7 @@ config INTEL_TXT > it was configured with, especially since they may be responsible for > providing such assurances to VMs and services running on it. > > - See <http://www.intel.com/technology/security/> for more information > + See <https://www.intel.com/technology/security/> for more information > about Intel(R) TXT. > See <http://tboot.sourceforge.net> for more information about tboot. > See Documentation/x86/intel_txt.rst for a description of how to enable > diff --git a/security/apparmor/Kconfig b/security/apparmor/Kconfig > index 03fae1bd48a6..348ed6cfa08a 100644 > --- a/security/apparmor/Kconfig > +++ b/security/apparmor/Kconfig > @@ -77,7 +77,7 @@ config SECURITY_APPARMOR_KUNIT_TEST > This builds the AppArmor KUnit tests. > > KUnit tests run during boot and output the results to the debug log > - in TAP format (http://testanything.org/). Only useful for kernel devs > + in TAP format (https://testanything.org/). Only useful for kernel devs > running KUnit test harness and are not for inclusion into a > production build. > > diff --git a/security/integrity/ima/Kconfig b/security/integrity/ima/Kconfig > index edde88dbe576..6a5e4a77601b 100644 > --- a/security/integrity/ima/Kconfig > +++ b/security/integrity/ima/Kconfig > @@ -26,7 +26,7 @@ config IMA > an aggregate integrity value over this list inside the > TPM hardware, so that the TPM can prove to a third party > whether or not critical system files have been modified. > - Read <http://www.usenix.org/events/sec04/tech/sailer.html> > + Read <https://www.usenix.org/events/sec04/tech/sailer.html> > to learn more about IMA. > If unsure, say N. > > diff --git a/security/integrity/ima/ima_template.c b/security/integrity/ima/ima_template.c > index 5a2def40a733..1e89e2d3851f 100644 > --- a/security/integrity/ima/ima_template.c > +++ b/security/integrity/ima/ima_template.c > @@ -1,7 +1,7 @@ > // SPDX-License-Identifier: GPL-2.0-only > /* > * Copyright (C) 2013 Politecnico di Torino, Italy > - * TORSEC group -- http://security.polito.it > + * TORSEC group -- https://security.polito.it > * > * Author: Roberto Sassu <roberto.sassu@polito.it> > * > diff --git a/security/integrity/ima/ima_template_lib.c b/security/integrity/ima/ima_template_lib.c > index 635c6ac05050..41a5f435b793 100644 > --- a/security/integrity/ima/ima_template_lib.c > +++ b/security/integrity/ima/ima_template_lib.c > @@ -1,7 +1,7 @@ > // SPDX-License-Identifier: GPL-2.0-only > /* > * Copyright (C) 2013 Politecnico di Torino, Italy > - * TORSEC group -- http://security.polito.it > + * TORSEC group -- https://security.polito.it > * > * Author: Roberto Sassu <roberto.sassu@polito.it> > * > diff --git a/security/integrity/ima/ima_template_lib.h b/security/integrity/ima/ima_template_lib.h > index 9a88c79a7a61..6b3b880637a0 100644 > --- a/security/integrity/ima/ima_template_lib.h > +++ b/security/integrity/ima/ima_template_lib.h > @@ -1,7 +1,7 @@ > /* SPDX-License-Identifier: GPL-2.0-only */ > /* > * Copyright (C) 2013 Politecnico di Torino, Italy > - * TORSEC group -- http://security.polito.it > + * TORSEC group -- https://security.polito.it > * > * Author: Roberto Sassu <roberto.sassu@polito.it> > * > diff --git a/security/keys/encrypted-keys/ecryptfs_format.c b/security/keys/encrypted-keys/ecryptfs_format.c > index a7339d4de811..8fdd76105ce3 100644 > --- a/security/keys/encrypted-keys/ecryptfs_format.c > +++ b/security/keys/encrypted-keys/ecryptfs_format.c > @@ -4,7 +4,7 @@ > * > * Copyright (C) 2006 International Business Machines Corp. > * Copyright (C) 2010 Politecnico di Torino, Italy > - * TORSEC group -- http://security.polito.it > + * TORSEC group -- https://security.polito.it > * > * Authors: > * Michael A. Halcrow <mahalcro@us.ibm.com> > diff --git a/security/keys/encrypted-keys/ecryptfs_format.h b/security/keys/encrypted-keys/ecryptfs_format.h > index 939621d870e4..ed8466578616 100644 > --- a/security/keys/encrypted-keys/ecryptfs_format.h > +++ b/security/keys/encrypted-keys/ecryptfs_format.h > @@ -4,7 +4,7 @@ > * > * Copyright (C) 2006 International Business Machines Corp. > * Copyright (C) 2010 Politecnico di Torino, Italy > - * TORSEC group -- http://security.polito.it > + * TORSEC group -- https://security.polito.it > * > * Authors: > * Michael A. Halcrow <mahalcro@us.ibm.com> > diff --git a/security/keys/encrypted-keys/encrypted.c b/security/keys/encrypted-keys/encrypted.c > index 14cf81d1a30b..20075b1308aa 100644 > --- a/security/keys/encrypted-keys/encrypted.c > +++ b/security/keys/encrypted-keys/encrypted.c > @@ -2,7 +2,7 @@ > /* > * Copyright (C) 2010 IBM Corporation > * Copyright (C) 2010 Politecnico di Torino, Italy > - * TORSEC group -- http://security.polito.it > + * TORSEC group -- https://security.polito.it > * > * Authors: > * Mimi Zohar <zohar@us.ibm.com> > diff --git a/security/keys/encrypted-keys/masterkey_trusted.c b/security/keys/encrypted-keys/masterkey_trusted.c > index c68528aa49c6..e6d22ce77e98 100644 > --- a/security/keys/encrypted-keys/masterkey_trusted.c > +++ b/security/keys/encrypted-keys/masterkey_trusted.c > @@ -2,7 +2,7 @@ > /* > * Copyright (C) 2010 IBM Corporation > * Copyright (C) 2010 Politecnico di Torino, Italy > - * TORSEC group -- http://security.polito.it > + * TORSEC group -- https://security.polito.it > * > * Authors: > * Mimi Zohar <zohar@us.ibm.com> >
On Sun, 5 Jul 2020, Alexander A. Klimov wrote: > Rationale: > Reduces attack surface on kernel devs opening the links for MITM > as HTTPS traffic is much harder to manipulate. > > Deterministic algorithm: > For each file: > If not .svg: > For each line: > If doesn't contain `\bxmlns\b`: > For each link, `\bhttp://[^# \t\r\n]*(?:\w|/)`: > If both the HTTP and HTTPS versions > return 200 OK and serve the same content: > Replace HTTP with HTTPS. > > Signed-off-by: Alexander A. Klimov <grandmaster@al2klimov.de> Thanks. Applied to git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security.git next-general
diff --git a/security/Kconfig b/security/Kconfig index cd3cc7da3a55..7561f6f99f1d 100644 --- a/security/Kconfig +++ b/security/Kconfig @@ -118,7 +118,7 @@ config INTEL_TXT it was configured with, especially since they may be responsible for providing such assurances to VMs and services running on it. - See <http://www.intel.com/technology/security/> for more information + See <https://www.intel.com/technology/security/> for more information about Intel(R) TXT. See <http://tboot.sourceforge.net> for more information about tboot. See Documentation/x86/intel_txt.rst for a description of how to enable diff --git a/security/apparmor/Kconfig b/security/apparmor/Kconfig index 03fae1bd48a6..348ed6cfa08a 100644 --- a/security/apparmor/Kconfig +++ b/security/apparmor/Kconfig @@ -77,7 +77,7 @@ config SECURITY_APPARMOR_KUNIT_TEST This builds the AppArmor KUnit tests. KUnit tests run during boot and output the results to the debug log - in TAP format (http://testanything.org/). Only useful for kernel devs + in TAP format (https://testanything.org/). Only useful for kernel devs running KUnit test harness and are not for inclusion into a production build. diff --git a/security/integrity/ima/Kconfig b/security/integrity/ima/Kconfig index edde88dbe576..6a5e4a77601b 100644 --- a/security/integrity/ima/Kconfig +++ b/security/integrity/ima/Kconfig @@ -26,7 +26,7 @@ config IMA an aggregate integrity value over this list inside the TPM hardware, so that the TPM can prove to a third party whether or not critical system files have been modified. - Read <http://www.usenix.org/events/sec04/tech/sailer.html> + Read <https://www.usenix.org/events/sec04/tech/sailer.html> to learn more about IMA. If unsure, say N. diff --git a/security/integrity/ima/ima_template.c b/security/integrity/ima/ima_template.c index 5a2def40a733..1e89e2d3851f 100644 --- a/security/integrity/ima/ima_template.c +++ b/security/integrity/ima/ima_template.c @@ -1,7 +1,7 @@ // SPDX-License-Identifier: GPL-2.0-only /* * Copyright (C) 2013 Politecnico di Torino, Italy - * TORSEC group -- http://security.polito.it + * TORSEC group -- https://security.polito.it * * Author: Roberto Sassu <roberto.sassu@polito.it> * diff --git a/security/integrity/ima/ima_template_lib.c b/security/integrity/ima/ima_template_lib.c index 635c6ac05050..41a5f435b793 100644 --- a/security/integrity/ima/ima_template_lib.c +++ b/security/integrity/ima/ima_template_lib.c @@ -1,7 +1,7 @@ // SPDX-License-Identifier: GPL-2.0-only /* * Copyright (C) 2013 Politecnico di Torino, Italy - * TORSEC group -- http://security.polito.it + * TORSEC group -- https://security.polito.it * * Author: Roberto Sassu <roberto.sassu@polito.it> * diff --git a/security/integrity/ima/ima_template_lib.h b/security/integrity/ima/ima_template_lib.h index 9a88c79a7a61..6b3b880637a0 100644 --- a/security/integrity/ima/ima_template_lib.h +++ b/security/integrity/ima/ima_template_lib.h @@ -1,7 +1,7 @@ /* SPDX-License-Identifier: GPL-2.0-only */ /* * Copyright (C) 2013 Politecnico di Torino, Italy - * TORSEC group -- http://security.polito.it + * TORSEC group -- https://security.polito.it * * Author: Roberto Sassu <roberto.sassu@polito.it> * diff --git a/security/keys/encrypted-keys/ecryptfs_format.c b/security/keys/encrypted-keys/ecryptfs_format.c index a7339d4de811..8fdd76105ce3 100644 --- a/security/keys/encrypted-keys/ecryptfs_format.c +++ b/security/keys/encrypted-keys/ecryptfs_format.c @@ -4,7 +4,7 @@ * * Copyright (C) 2006 International Business Machines Corp. * Copyright (C) 2010 Politecnico di Torino, Italy - * TORSEC group -- http://security.polito.it + * TORSEC group -- https://security.polito.it * * Authors: * Michael A. Halcrow <mahalcro@us.ibm.com> diff --git a/security/keys/encrypted-keys/ecryptfs_format.h b/security/keys/encrypted-keys/ecryptfs_format.h index 939621d870e4..ed8466578616 100644 --- a/security/keys/encrypted-keys/ecryptfs_format.h +++ b/security/keys/encrypted-keys/ecryptfs_format.h @@ -4,7 +4,7 @@ * * Copyright (C) 2006 International Business Machines Corp. * Copyright (C) 2010 Politecnico di Torino, Italy - * TORSEC group -- http://security.polito.it + * TORSEC group -- https://security.polito.it * * Authors: * Michael A. Halcrow <mahalcro@us.ibm.com> diff --git a/security/keys/encrypted-keys/encrypted.c b/security/keys/encrypted-keys/encrypted.c index 14cf81d1a30b..20075b1308aa 100644 --- a/security/keys/encrypted-keys/encrypted.c +++ b/security/keys/encrypted-keys/encrypted.c @@ -2,7 +2,7 @@ /* * Copyright (C) 2010 IBM Corporation * Copyright (C) 2010 Politecnico di Torino, Italy - * TORSEC group -- http://security.polito.it + * TORSEC group -- https://security.polito.it * * Authors: * Mimi Zohar <zohar@us.ibm.com> diff --git a/security/keys/encrypted-keys/masterkey_trusted.c b/security/keys/encrypted-keys/masterkey_trusted.c index c68528aa49c6..e6d22ce77e98 100644 --- a/security/keys/encrypted-keys/masterkey_trusted.c +++ b/security/keys/encrypted-keys/masterkey_trusted.c @@ -2,7 +2,7 @@ /* * Copyright (C) 2010 IBM Corporation * Copyright (C) 2010 Politecnico di Torino, Italy - * TORSEC group -- http://security.polito.it + * TORSEC group -- https://security.polito.it * * Authors: * Mimi Zohar <zohar@us.ibm.com>
Rationale: Reduces attack surface on kernel devs opening the links for MITM as HTTPS traffic is much harder to manipulate. Deterministic algorithm: For each file: If not .svg: For each line: If doesn't contain `\bxmlns\b`: For each link, `\bhttp://[^# \t\r\n]*(?:\w|/)`: If both the HTTP and HTTPS versions return 200 OK and serve the same content: Replace HTTP with HTTPS. Signed-off-by: Alexander A. Klimov <grandmaster@al2klimov.de> --- Continuing my work started at 93431e0607e5. If there are any URLs to be removed completely or at least not HTTPSified: Just clearly say so and I'll *undo my change*. See also https://lkml.org/lkml/2020/6/27/64 If there are any valid, but yet not changed URLs: See https://lkml.org/lkml/2020/6/26/837 security/Kconfig | 2 +- security/apparmor/Kconfig | 2 +- security/integrity/ima/Kconfig | 2 +- security/integrity/ima/ima_template.c | 2 +- security/integrity/ima/ima_template_lib.c | 2 +- security/integrity/ima/ima_template_lib.h | 2 +- security/keys/encrypted-keys/ecryptfs_format.c | 2 +- security/keys/encrypted-keys/ecryptfs_format.h | 2 +- security/keys/encrypted-keys/encrypted.c | 2 +- security/keys/encrypted-keys/masterkey_trusted.c | 2 +- 10 files changed, 10 insertions(+), 10 deletions(-)