Re: Report on University of Minnesota Breach-of-Trust Incident

From: Kees Cook
Date: Thu May 06 2021 - 14:40:48 EST


On Thu, May 06, 2021 at 10:26:16AM +0200, Pavel Machek wrote:
> Hi!
>
> > Report on University of Minnesota Breach-of-Trust Incident
> >
> > or
> >
> > "An emergency re-review of kernel commits authored by members of the
> > University of Minnesota, due to the Hypocrite Commits research paper."
> >
> > May 5, 2021
>
> Thanks for doing this. I believe the short summary is that there was some
> deception from UMN researchers in 2020:
>
> > 2020 August:
> > - "Hypocrite Commits" patches from UMN researchers sent to kernel developers
> > under false identities:
> > - Aug 4 13:36-0500
> > https://lore.kernel.org/lkml/20200804183650.4024-1-jameslouisebond@xxxxxxxxx
> > - Aug 9 17:14-0500
> > https://lore.kernel.org/lkml/20200809221453.10235-1-jameslouisebond@xxxxxxxxx
> > - Aug 20 22:12-0500
> > https://lore.kernel.org/lkml/20200821031209.21279-1-acostag.ubuntu@xxxxxxxxx
> > - Aug 20 22:44-0500
> > https://lore.kernel.org/lkml/20200821034458.22472-1-acostag.ubuntu@xxxxxxxxx
> > - Aug 21 02:05-0500
> > https://lore.kernel.org/lkml/20200821070537.30317-1-jameslouisebond@xxxxxxxxx
>
> But there was no deception from UMN in 2021. Yet, we were
> spreading... let's say inaccurate information as late as this:
>
> > 2021 April 29:
> > - Greg posts an update on the re-review along with some more reverts.
> > https://lore.kernel.org/lkml/20210429130811.3353369-1-gregkh@xxxxxxxxxxxxxxxxxxx
>
> # Commits from @umn.edu addresses have been found to be submitted in "bad
> # faith" to try to test the kernel community's ability to review "known
> # malicious" changes.

I would agree that the phrasing here is sub-optimal in that it could
more clearly separate a few related things (e.g. "malicious change" vs
"valid fix"). If I were writing this, I would have said something along
the lines of:

Commits from UMN authors have been found to be submitted with intentional
flaws to try to test the kernel community's ability to review "known
malicious" changes. ...
During review of all submissions, some patches were found to be
unintentionally flawed. ...
Out of an abundance of caution all submissions from this group must be
reverted from the tree and will need to be re-reviewed again. ...

I would also note that in that thread Greg reviewed all the mentioned
patches, clearing all but two of them (which were duplicates of earlier
review).

> UMN apologized. Our reaction to their apology was:
>
> https://lore.kernel.org/lkml/YIV+pLR0nt94q0xQ@xxxxxxxxx/#t
>
> Do we owe them an apology, too?

I will defer to Greg on what he thinks his duties are there, but in
trying to figure out who "we" is, I'll just point out that I attempted
to clarify the incorrect assumptions about the intent of historical UMN
patches, and spoke for the entire TAB (Greg included) here:
https://lore.kernel.org/lkml/202104221451.292A6ED4@keescook/
The report repeated this in several places, and we explained our need
for due diligence.

-Kees

--
Kees Cook