oss-sec mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Malicious commits to Linux kernel as part of university study

From: Michael Orlitzky <michael () orlitzky com>
Date: Thu, 22 Apr 2021 14:18:39 -0400
On Thu, 2021-04-22 at 18:49 +0100, Mark Steward wrote:



This looks like a good guess to me, and if correct, means none of the
submissions in the paper were successful:

  https://lore.kernel.org/linux-nfs/YIEqt8iAPVq8sG+t@sol.localdomain/



If you believe them, the researchers never intended to allow the bad
commits into the kernel:

  https://www-users.cs.umn.edu/~kjlu/papers/clarifications-hc.pdf

On the one hand, they're wasting everyone's time to report a
vulnerability that everyone knows exists already and finding
conclusions that are all obvious and/or useless. But on the other hand,
they don't sound quite as daft as the headlines make them seem. Overly
naive for sure.
Previous By Date Next
Previous By Thread Next

Current thread: