List: oss-security
Subject: Re: [oss-security] Malicious commits to Linux kernel as part of university study
From: Thomas Ward <teward () thomas-ward ! net>
Date: 2021-04-24 16:20:38
Message-ID: b11bd2b0-1f34-4d41-9555-d31de13d43da () thomas-ward ! net
Clarification is from 2020. That clarification doesn't address the fact that this is still
technically research misconduct regardless of the clarifications. The Linux Kernel has banned
commits from University of Michigan because of a large volume of noise and useless patch
requests among other things. So it still requires a misconduct evaluation.
-------- Original Message --------
From: Silas <silas.cutler@blacklistthisdomain.com>
Sent: Fri Apr 23 23:32:27 EDT 2021
To: oss-security@lists.openwall.com
Subject: Re: [oss-security] Malicious commits to Linux kernel as part of university study
Hello,
They issued a clarification as well:
https://www-users.cs.umn.edu/~kjlu/papers/clarifications-hc.pdf
- S
On 4/22/21 12:25 PM, Marcus Meissner wrote:
> Hi,
>
> to follow the "give complete content" requirement, here is their statement on their website:
>
> https://cse.umn.edu/cs/statement-cse-linux-kernel-research-april-21-2021
>
> "
> Statement from CS&E on Linux Kernel research - April 21, 2021
>
> Leadership in the University of Minnesota Department of Computer Science & Engineering
> learned today about the details of research being conducted by one of its faculty members and
> graduate students into the security of the Linux Kernel. The research method used raised
> serious concerns in the Linux Kernel community and, as of today, this has resulted in the
> University being banned from contributing to the Linux Kernel.
> We take this situation extremely seriously. We have immediately suspended this line of
> research. We will investigate the research method and the process by which this research
> method was approved, determine appropriate remedial action, and safeguard against future
> issues, if needed. We will report our findings back to the community as soon as practical.
> Sincerely,
>
> Mats Heimdahl, Department Head
> Loren Terveen, Associate Department Head
> "
>
> Ciao, Marcus
>
> On Thu, Apr 22, 2021 at 05:11:42PM +0200, Marcus Meissner wrote:
> > Hi,
> >
> > https://twitter.com/UMNComputerSci/status/1384948683821694976
> >
> > Ciao, Marcus
> >
> >
> > On Thu, Apr 22, 2021 at 02:55:03PM +0000, David H wrote:
> > > Has anyone reported this to
> > > https://research.umn.edu/ethics-compliance/reporting-research-misconduct ?
> > >
> > > On 4/22/21, 3:00 AM, "Peter Bex" <peter@more-magic.net> wrote:
> > >
> > > Hi all,
> > >
> > > Probably a lot of you know this already but I consider it serious enough
> > > to point out to the OSS security community at large.
> > >
> > > The University of Minnesota has been banned from making any commits to
> > > the Linux kernel after it was found out they'd been submitting bogus
> > > patches to the LKML to knowingly introduce security issues:
> > > https://lore.kernel.org/linux-nfs/YH%2FfM%2FTsbmcZzwnX@kroah.com/
> > >
> > > They also published a paper:
> > > https://raw.githubusercontent.com/QiushiWu/qiushiwu.github.io/main/papers/OpenSourceInsecurity.pdf
> > >
> > > I don't know the scope of this research, but it could involve other OSS
> > > projects, now or in the future, as well. Hence this e-mail. If you feel
> > > it's spam or needless drama, feel free to ignore.
> > >
> > > Cheers,
> > > Peter
> >