lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <YIApyFQNCBOgNkhU@unreal>
Date:   Wed, 21 Apr 2021 16:34:00 +0300
From:   Leon Romanovsky <leon@...nel.org>
To:     "gregkh@...uxfoundation.org" <gregkh@...uxfoundation.org>
Cc:     Trond Myklebust <trondmy@...merspace.com>,
        "a.shelat@...theastern.edu" <a.shelat@...theastern.edu>,
        "davem@...emloft.net" <davem@...emloft.net>,
        "chuck.lever@...cle.com" <chuck.lever@...cle.com>,
        "dwysocha@...hat.com" <dwysocha@...hat.com>,
        "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
        "kuba@...nel.org" <kuba@...nel.org>,
        "sudipm.mukherjee@...il.com" <sudipm.mukherjee@...il.com>,
        "bfields@...ldses.org" <bfields@...ldses.org>,
        "anna.schumaker@...app.com" <anna.schumaker@...app.com>,
        "pakki001@....edu" <pakki001@....edu>,
        "linux-nfs@...r.kernel.org" <linux-nfs@...r.kernel.org>,
        "netdev@...r.kernel.org" <netdev@...r.kernel.org>
Subject: Re: [PATCH] SUNRPC: Add a check for gss_release_msg

On Wed, Apr 21, 2021 at 03:21:15PM +0200, gregkh@...uxfoundation.org wrote:
> On Wed, Apr 21, 2021 at 01:11:03PM +0000, Trond Myklebust wrote:
> > On Wed, 2021-04-21 at 15:19 +0300, Leon Romanovsky wrote:
> > > On Wed, Apr 21, 2021 at 11:58:08AM +0000, Shelat, Abhi wrote:
> > > > > > 
> > > > > > > > They introduce kernel bugs on purpose. Yesterday, I took a
> > > > > > > > look on 4
> > > > > > > > accepted patches from Aditya and 3 of them added various
> > > > > > > > severity security
> > > > > > > > "holes".
> > > > > > > 
> > > > > > > All contributions by this group of people need to be
> > > > > > > reverted, if they
> > > > > > > have not been done so already, as what they are doing is
> > > > > > > intentional
> > > > > > > malicious behavior and is not acceptable and totally
> > > > > > > unethical.  I'll
> > > > > > > look at it after lunch unless someone else wants to do it…
> > > > > > 
> > > > 
> > > > <snip>
> > > > 
> > > > Academic research should NOT waste the time of a community.
> > > > 
> > > > If you believe this behavior deserves an escalation, you can
> > > > contact the Institutional Review Board (irb@....edu) at UMN to
> > > > investigate whether this behavior was harmful; in particular,
> > > > whether the research activity had an appropriate IRB review, and
> > > > what safeguards prevent repeats in other communities.
> > > 
> > > The huge advantage of being "community" is that we don't need to do
> > > all
> > > the above and waste our time to fill some bureaucratic forms with
> > > unclear
> > > timelines and results.
> > > 
> > > Our solution to ignore all @umn.edu contributions is much more
> > > reliable
> > > to us who are suffering from these researchers.
> > > 
> > 
> > <shrug>That's an easy thing to sidestep by just shifting to using a
> > private email address.</shrug>
> 
> If they just want to be jerks, yes.  But they can't then use that type
> of "hiding" to get away with claiming it was done for a University
> research project as that's even more unethical than what they are doing
> now.
> 
> > There really is no alternative for maintainers other than to always be
> > sceptical of patches submitted by people who are not known and trusted
> > members of the community, and to scrutinise those patches with more
> > care.
> 
> Agreed, and when we notice things like this that were determined to be
> bad, we have the ability to easily go back and rip the changes out and
> we can slowly add them back if they are actually something we want to
> do.
> 
> Which is what I just did:
> 	https://lore.kernel.org/lkml/20210421130105.1226686-1-gregkh@linuxfoundation.org/

Greg,

Did you push your series to the public git? I would like to add you a
couple of reverts.

And do you have a list of not reverted commits? It will save us from
doing same comparison of reverted/not reverted over and over.

Thanks

> 
> thanks,
> 
> greg k-h

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ