GKH (Greg Kroah-Hartman) got pissed off pretty much. Here is a ZDNet article about it https://www.zdnet.com/google-amp/article/greg-kroah-hartman-bans-university-of-minnesota-from-linux-development-for-deliberately-buggy-patches/ This patch quoted in the article https://lore.kernel.org/linux-nfs/yh5%[email protected]/ kinda looks unnecessary (in case we assume gss_release_msg is perfect, who knows what side effects it has...), but...
I know some very prominent security guys (Pipacs https://twitter.com/paxteam and Brad Spengler from GRSecurity https://twitter.com/spendergrsec). Please read Brad's last 5-6 Tweets and references https://twitter.com/spendergrsec On Sat, Apr 24, 2021 at 9:13 AM Kent Perrier <[email protected]> wrote: > That isn't true (flaws now in use on production systems). If you read > their paper > <https://github.com/QiushiWu/QiushiWu.github.io/blob/main/papers/OpenSourceInsecurity.pdf>, > once the maintainer said "ok, looks good" they told the maintainer of the > issue with the code and not to use it. (Section VI A "Ethical > Considerations"). > > Now that may be going through ALL of the code submissions from UMN and > ripping it all out and replacing it, but in *this* case security issues > were not introduced into the kernel. > > > > > On Sat, Apr 24, 2021 at 9:07 AM John F. Eldredge <[email protected]> > wrote: > >> Two researchers at the University of Minnesota have admitted they >> deliberately introduced security flaws into the Linux kernel, in order to >> determine how effective the review process is. As a result, all code >> changes originating from the university have been rolled back and are being >> re-reviewed, and no one using a University of Minnesota email address will >> be allowed to submit kernel changes. Apparently the flaws the researchers >> introduced are now in use on production systems worldwide. >> >> -- >> -- >> You received this message because you are subscribed to the Google Groups >> "NLUG" group. >> To post to this group, send email to [email protected] >> To unsubscribe from this group, send email to >> [email protected] >> For more options, visit this group at >> http://groups.google.com/group/nlug-talk?hl=en >> >> --- >> You received this message because you are subscribed to the Google Groups >> "NLUG" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to [email protected]. >> To view this discussion on the web visit >> https://groups.google.com/d/msgid/nlug-talk/CAJfAAY%2BFfNnoW8OJnf_ypyoXPfj-RPaJo-495EqY7cXYCsaQtw%40mail.gmail.com >> <https://groups.google.com/d/msgid/nlug-talk/CAJfAAY%2BFfNnoW8OJnf_ypyoXPfj-RPaJo-495EqY7cXYCsaQtw%40mail.gmail.com?utm_medium=email&utm_source=footer> >> . >> > -- > -- > You received this message because you are subscribed to the Google Groups > "NLUG" group. > To post to this group, send email to [email protected] > To unsubscribe from this group, send email to > [email protected] > For more options, visit this group at > http://groups.google.com/group/nlug-talk?hl=en > > --- > You received this message because you are subscribed to the Google Groups > "NLUG" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To view this discussion on the web visit > https://groups.google.com/d/msgid/nlug-talk/CA%2B6_KC-PmYdPPuReM3tyG-Ga7OXJsiRGbKEhVgVCWch6649uLQ%40mail.gmail.com > <https://groups.google.com/d/msgid/nlug-talk/CA%2B6_KC-PmYdPPuReM3tyG-Ga7OXJsiRGbKEhVgVCWch6649uLQ%40mail.gmail.com?utm_medium=email&utm_source=footer> > . > -- -- You received this message because you are subscribed to the Google Groups "NLUG" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/nlug-talk?hl=en --- You received this message because you are subscribed to the Google Groups "NLUG" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/nlug-talk/CA%2BKhHxLuiH3fDfkormfwUMWZrGACCh9aKtnK35NAVf5fUxF6Mg%40mail.gmail.com.
