
List:       oss-security
Subject:    Re: [oss-security] Malicious commits to Linux kernel as part of university study
From:       Thomas Ward <teward () thomas-ward ! net>
Date:       2021-04-24 16:20:38
Message-ID: b11bd2b0-1f34-4d41-9555-d31de13d43da () thomas-ward ! net


Clarification is from 2020. That clarification doesn't address the fact that this is still
technically research misconduct regardless of the clarifications. The Linux Kernel has banned
commits from University of Michigan because of a large volume of noise and useless patch
requests among other things. So it still requires a misconduct evaluation.



-------- Original Message --------
From: Silas <silas.cutler@blacklistthisdomain.com>
Sent: Fri Apr 23 23:32:27 EDT 2021
To: oss-security@lists.openwall.com
Subject: Re: [oss-security] Malicious commits to Linux kernel as part of university study

Hello,

They issued a clarification as well:
https://www-users.cs.umn.edu/~kjlu/papers/clarifications-hc.pdf

- S



On 4/22/21 12:25 PM, Marcus Meissner wrote:
> Hi,
> 
> to follow the "give complete content" requirement, here is their statement on their website:
> 
> https://cse.umn.edu/cs/statement-cse-linux-kernel-research-april-21-2021
> 
> "
> Statement from CS&E on Linux Kernel research - April 21, 2021
> 
> Leadership in the University of Minnesota Department of Computer Science & Engineering
> learned today about the details of research being conducted by one of its faculty members and
> graduate students into the security of the Linux Kernel. The research method used raised
> serious concerns in the Linux Kernel community and, as of today, this has resulted in the
> University being banned from contributing to the Linux Kernel.
>
> We take this situation extremely seriously. We have immediately suspended this line of
> research. We will investigate the research method and the process by which this research
> method was approved, determine appropriate remedial action, and safeguard against future
> issues, if needed. We will report our findings back to the community as soon as practical.
>
> Sincerely,
> 
> Mats Heimdahl, Department Head
> Loren Terveen, Associate Department Head
> "
> 
> Ciao, Marcus
> 
> On Thu, Apr 22, 2021 at 05:11:42PM +0200, Marcus Meissner wrote:
> > Hi,
> > 
> > https://twitter.com/UMNComputerSci/status/1384948683821694976
> > 
> > Ciao, Marcus
> > 
> > 
> > On Thu, Apr 22, 2021 at 02:55:03PM +0000, David H wrote:
> > > Has anyone reported this to
> > > https://research.umn.edu/ethics-compliance/reporting-research-misconduct ?
> > > 
> > > On 4/22/21, 3:00 AM, "Peter Bex" <peter@more-magic.net> wrote:
> > > 
> > > Hi all,
> > > 
> > > Probably a lot of you know this already but I consider it serious enough
> > > to point out to the OSS security community at large.
> > > 
> > > The university of Minnesota has been banned from making any commits to
> > > the Linux kernel after it was found out they'd been submitting bogus
> > > patches to the LKML to knowingly introduce security issues:
> > > https://lore.kernel.org/linux-nfs/YH%2FfM%2FTsbmcZzwnX@kroah.com/
> > > 
> > > They also published a paper:
> > > https://raw.githubusercontent.com/QiushiWu/qiushiwu.github.io/main/papers/OpenSourceInsecurity.pdf
> > >  
> > > I don't know the scope of this research, but it could involve other OSS
> > > projects, now or in the future, as well.  Hence this e-mail.  If you feel
> > > it's spam or needless drama, feel free to ignore.
> > > 
> > > Cheers,
> > > Peter
> > 


