Linus: 'WTF, Kees?'

argante

Linux security people know who Kees Cook is. He's a famous security hacker at Google who is responsible for security solutions in the Linux kernel. His work (e.g. copying code from Grsecurity) has a big impact on Android security as well. And it looks like our security expert has probably been hacked.

Maybe I'm writing this jokingly, but after the XZ backdoor case, such situations are worrying.

EDIT: This appears to be an issue with the Linux kernel's commit management tools.

natoal

argante

So was Kees hacked, were the tools tampered with or was it just an innocuous error? From what I read Kees himself wasn't hacked but someone made it seem as though he introduced malicious code

dhhdjbd

I mean i am no expert, and while it sure is somewhat worrying,

it i ls also good to see that the systems in place to protect from it appear to be working

fid02

natoal So was Kees hacked, were the tools tampered with or was it just an innocuous error? From what I read Kees himself wasn't hacked but someone made it seem as though he introduced malicious code

Take a look at the succeeding email correspondence. It looks like they concluded that this was caused by an issue with b4.

argante

Linus wrote:

You seem to have actively maliciously modified your tree completely.
There are completely crazy commits in there that are entirely fake.
(...)
I will now refuse to pull anything from you until you explain what
the f&*^ you have been up to, because this looks like you have been
doing actively bad things.

It started with this request to add a patch.

The XZ case shows that through seemingly small changes it is possible to introduce a hidden backdoor.

Kees was heavily attacked by Brad Spengler (Grsecurity), for copying code and taking credit. Such practices led to Grsecurity going private. This is funny because Grsecurity was created by porting (Kees-style copying?) Owl patches to newer Linux kernels.

argante

This is a very good summary:
https://www.openwall.com/lists/kernel-hardening/2017/05/01/5