[nlug] University of Minnesota banned from contributing to Linux kernel

2021-04-24 Thread John F. Eldredge
Two researchers at the University of Minnesota have admitted they deliberately introduced security flaws into the Linux kernel, in order to determine how effective the review process is. As a result, all code changes originating from the university have been rolled back and are being re-reviewed, a

Re: [nlug] University of Minnesota banned from contributing to Linux kernel

2021-04-24 Thread Kent Perrier
That isn't true (flaws now in use on production systems). If you read their paper, once the maintainer said "ok, looks good" they told the maintainer of the issue with the code and not to use it. (Section VI

Re: [nlug] University of Minnesota banned from contributing to Linux kernel

2021-04-24 Thread Csaba Toth
GKH (Greg Kroah-Hartman) got pissed off pretty much. Here is a ZDNet article about it https://www.zdnet.com/google-amp/article/greg-kroah-hartman-bans-university-of-minnesota-from-linux-development-for-deliberately-buggy-patches/ This patch quoted in the article https://lore.kernel.org/linux-nfs/yh

Re: [nlug] University of Minnesota banned from contributing to Linux kernel

2021-04-24 Thread John F. Eldredge
Well, the news report I read said the bugs were submitted and accepted.
On Sat, Apr 24, 2021, 11:12 AM Kent Perrier wrote:
> That isn't true (flaws now in use on production systems). If you read
> their paper
>

Re: [nlug] University of Minnesota banned from contributing to Linux kernel

2021-04-24 Thread 'Michael Chaney' via NLUG
Start reading here: https://lore.kernel.org/linux-nfs/20210407001658.2208535-1-pakki...@umn.edu/ This is one of my favorites, the original is gone but you can get some of it in the reply: https://lore.kernel.org/linux-nfs/yh%2ffm%2ftsbmczz...@kroah.com/ This is the part - note that Pakki is cla

Re: [nlug] University of Minnesota banned from contributing to Linux kernel

2021-04-24 Thread Kent Perrier
I am trusting what they put in their paper. So. :) I do think this kind of research needs to be done, I just don't know how to do it in an ethical way, not wasting the time of the developers. I also think the kernel maintainers are the ones most likely to find such submissions. If a supply-cha

Re: [nlug] University of Minnesota banned from contributing to Linux kernel

2021-04-24 Thread Csaba Toth
"This is the most popular operating system kernel on the planet used by billions of devices." This is exactly why it is important to see how well it is protected. We want it to be as secure as possible. The experiment could not happen at all with the Windows kernel since it's not open source. Some