lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Tue, 30 Jul 2019 19:27:07 -0700
From:   Eric Biggers <ebiggers@...nel.org>
To:     Pavel Machek <pavel@....cz>
Cc:     linux-rtc@...r.kernel.org, Alessandro Zummo <a.zummo@...ertech.it>,
        Alexandre Belloni <alexandre.belloni@...tlin.com>,
        linux-kernel@...r.kernel.org, syzkaller-bugs@...glegroups.com
Subject: Re: Reminder: 1 open syzbot bug in rtc subsystem

On Sun, Jul 28, 2019 at 03:23:33PM +0200, Pavel Machek wrote:
> On Tue 2019-07-23 19:50:08, Eric Biggers wrote:
> > [This email was generated by a script.  Let me know if you have any suggestions
> > to make it better, or if you want it re-generated with the latest status.]
> > 
> > Of the currently open syzbot reports against the upstream kernel, I've manually
> > marked 1 of them as possibly being a bug in the rtc subsystem.
> > 
> > If you believe this bug is no longer valid, please close the syzbot report by
> > sending a '#syz fix', '#syz dup', or '#syz invalid' command in reply to the
> > original thread, as explained at https://goo.gl/tpsmEJ#status
> > 
> > If you believe I misattributed this bug to the rtc subsystem, please let me
> > know, and if possible forward the report to the correct people or mailing list.
> > 
> > Here is the bug:
> 
> 
> Can you stop spamming lkml?
> 
> Sending 20 "reminders" in a row is not something human would do, and it is not
> something your bot should be allowed to do, either.
> 

Hi Pavel, just to clarify, though I used a script to generate these emails, I
manually reviewed and sent each one; I also manually assigned the subsystems and
sanity checked the bisection results.  (I'm also not on the syzbot team.  I just
care about the security and reliability of the Linux kernel...)  The reason
there are so many of these emails is that there are a lot of kernel subsystems
with open bug reports, many clearly still valid -- even considering that I
decided to skip some subsystems after deciding to just fix the bugs myself,
update the bug statuses myself, send some other email, or just wait.

I suppose there's some argument to be made that it's too noisy to Cc
linux-kernel when I've already assigned a subsystem, though, so I'll try
dropping linux-kernel from Cc for next time and just using the subsystem list
and maintainers, and see if that goes any better or worse.

Note that the syzbot reports themselves are still going to linux-kernel, though.

Thanks!

- Eric

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ