Open Source and information security mailing list archives
Message-ID: <156567EE-E5BB-43C4-B5A6-439D83FF387D@kernel.org>
Date: Sat, 31 May 2025 18:06:00 -0700
From: Kees Cook <kees@...nel.org>
To: Linus Torvalds <torvalds@...ux-foundation.org>,
 Konstantin Ryabitsev <konstantin@...uxfoundation.org>
CC: linux-kernel@...r.kernel.org, Eric Biggers <ebiggers@...nel.org>,
 Ingo Saitz <ingo@...nover.ccc.de>, kernel test robot <oliver.sang@...el.com>,
 Marco Elver <elver@...gle.com>, Nathan Chancellor <nathan@...nel.org>,
 Thiago Jung Bauermann <thiago.bauermann@...aro.org>
Subject: Re: [GIT PULL] hardening fixes for v6.16-rc1



On May 31, 2025 11:20:20 AM PDT, Linus Torvalds <torvalds@...ux-foundation.org> wrote:
>On Sat, 31 May 2025 at 08:00, Kees Cook <kees@...nel.org> wrote:
>>
>> Please pull this small handful of hardening fixes for v6.16-rc1.
>
>WTF, Kees?
>
>You seem to have actively maliciously modified your tree completely.
>
>There are completely crazy commits in there that are entirely fake.
>
>You have this: f8b59a0f90a2 Merge tag 'driver-core-6.16-rc1' of
>git://git.kernel.org/pub/scm/linux/kernel/git/driver-core/driver-core
>
>which *claims* to be from me, and committed by me, but is very much
>not. It's some garbage you have entirely made up.
>
>Yes, there is a real commit like that, but it has the SHA1 ID of
>9d230d500b0e.
>
>And this isn't some kind of innocent rebasing mistake, because this
>actively lies about who committed it.
>
>This is completely unacceptable.
>
>I will now refuse to pull *anything* from you until you explain what
>the f&*^ you have been up to, because this looks like you have been
>doing actively bad things.

I have no idea. I had noticed a bunch of my trees were refusing to have sane merges. I kept trying to rebase them to sort it out, but it seems it has not worked. This is all on top of an SSD that was getting mad at me and I had to replace it, but it threw errors during the copy. I thought everything got recovered in my various worktrees, but clearly something is still wrong.

>You need to nuke that tree, and come up with a good explanation for
>this kind of shit.

I'll throw it all out and rebuild from patches.

>I'm cc'ing Konstantin, because I really think these kinds of games are
>COMPLETELY UNACCEPTABLE, and this is not the kind of behavior we can
>have on kernel.org accounts.
>
>Konstantin - please disable Kees' account immediately until this is
>cleared up. Because this looks *malicious*.

Sorry! AFAICT it's all just from broken trees I tried to reconstruct (badly it seems).

Since I can't push to kernel.org, what shall I do for resending this PR after I've re-re-constructed everything?

-Kees


-- 
Kees Cook
