Received: by 2002:a05:6a10:a841:0:0:0:0 with SMTP id d1csp57013pxy; Wed, 21 Apr 2021 18:23:34 -0700 (PDT) X-Google-Smtp-Source: ABdhPJwBR8Rs7aRJ1HXiOaYQMnoGuYdJsBH+nyCiqy+WP4kbf4CAJz0O0O4Bwki59lciXkvIwgvx X-Received: by 2002:a17:902:7203:b029:e6:a8b1:8d37 with SMTP id ba3-20020a1709027203b02900e6a8b18d37mr1055509plb.44.1619054613958; Wed, 21 Apr 2021 18:23:33 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1619054613; cv=none; d=google.com; s=arc-20160816; b=jgHZbGsoj2b2BtMXlW1y3u7fez3grfIyOZnjeIgUJcuwYcRIyBq9vFuYdezpAs3GZo u+wpufA9s/7SNv/v2NnN5w+1I4GXJ5zR7+NM689ClZKp7VPiy5z7lju6pFCoJNFEei+q 1sI4TSoyXmicKAMW2Xz7LqgSg7QW5WBwpOTDLd3XHqW7hOHLa09CUd8E2eG8l/DXQHkE 2jTT8lZfVcCdkfIbZHcHwG6pozPGbxulHGjeQKRBB/KUBkCgRdOw/jiu9dme/En591w+ ZLBIPkiF/XVpY7+dMgDFwoCC+dP2+vdhjlmNDMVBgjB37hDzLTxL9WnfR20D2uHZ2FlN Gf6w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:cc:to:subject:message-id:date:from:mime-version :dkim-signature; bh=BTxeOvItUf/hQPVBleOY5zaWBy/5NEeiG69sqLNw6SY=; b=VYcYQZialm+TfG1ZCISmefvI09C9cEST89+iMTbw9gFmopCasi574Lno5QOh4baBue 6QZhN4etzLUwuTnAqxaV5ILeLEiLK6/xYxtGd0qgFU+f7w8jBpeFQePNkgf+7TXYD0Zz pHLs02Q7Q1wP53DejyDma1g9EOm8immh9msNoipNqF4yk6KG1u7u5x5mR63M4gN/WLCr pOq79ZKy5f4uEPKDn+s28FACEFcB0K/MMuUcK9oAdqn/8jOQeiRVIElj+QhngJf2BmYB 9VmNAMOUk71TBkkqOOyHNXiZQ4piMoF4RgNrc3WniYp5YxCgcSa3L1sGlKPAgTE4lmsJ LdJA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@berkeley-edu.20150623.gappssmtp.com header.s=20150623 header.b=QUhudc+d; spf=pass (google.com: domain of linux-nfs-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-nfs-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id t4si1373538plr.14.2021.04.21.18.23.20; Wed, 21 Apr 2021 18:23:33 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-nfs-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@berkeley-edu.20150623.gappssmtp.com header.s=20150623 header.b=QUhudc+d; spf=pass (google.com: domain of linux-nfs-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-nfs-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S244805AbhDUU2y (ORCPT + 99 others); Wed, 21 Apr 2021 16:28:54 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:53000 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S235996AbhDUU2x (ORCPT ); Wed, 21 Apr 2021 16:28:53 -0400 Received: from mail-ed1-x52c.google.com (mail-ed1-x52c.google.com [IPv6:2a00:1450:4864:20::52c]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id E3620C06138A for ; Wed, 21 Apr 2021 13:28:17 -0700 (PDT) Received: by mail-ed1-x52c.google.com with SMTP id h8so10690546edb.2 for ; Wed, 21 Apr 2021 13:28:17 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=berkeley-edu.20150623.gappssmtp.com; s=20150623; h=mime-version:from:date:message-id:subject:to:cc; bh=BTxeOvItUf/hQPVBleOY5zaWBy/5NEeiG69sqLNw6SY=; b=QUhudc+dY9APEI3AjukEm29Vkwfr1+uMFpQkygQuzbzuEExw3Mzqx3Tl2om/LIMLai e/HS28L4pkXhkSqAEiiOTRxppDsXU8BnothjmlPFUs87t3Ky6o3b8ihwLa69YN+CKLH1 llQTXExEG+4PXMyea3MC68ZmGDygYPpueTZDgDMDnvN1ABrcWZsUhW73Rb4MEaJhVF9U vO3U6ZSyl7Bngc/vQmc8TFpa7gpM3SR/UFfnJNaOpqTbDDFCS1hqgXnTIa6nxAr1KM8E 8BTJOhpyR3b7ASdcRWL71ERupi93wSpq/zuQUi91kRuiTWH7AYgAo1LGeeETuIqlPDX4 IQJw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:from:date:message-id:subject:to:cc; bh=BTxeOvItUf/hQPVBleOY5zaWBy/5NEeiG69sqLNw6SY=; b=DVoD8Ds79mHlL9NJM3ArZhUoLNC4WKG6KHGePoJJTsMnXuysUgVIK3C2gZwI8abLLe azAO5wizBqeJRd+wJFVgvCeBhGgboEsGkXeW9XJP7Gi1PpcNvaV+2kGKUR2aFe2obfj+ +54e3hRFfecAgeUodw5kIiD4TZIFIBdJoaeyWV6tJXZGPhny6RTosYcXAu0r4VIdmA1t oFZo6dEnkp+UqItoCie7xA2e2kQ24cWStwRYBQAlM+JwyZnoMTkSwf89V5lgyfCMzZKN FRD8pCq85zBfP0UI9wCLIYiFpNDCc3xmoFOaBFqFN+f4+4q4s4LxTlEVL6uCExMIAIal 9/Dw== X-Gm-Message-State: AOAM5311DKYRIlS5K2+YpgqyC7Lhr9MqvUoa4WUIxWU53+mGMcotTrqc LoI58X3aQpcmNlf0dA/R2TdBC+f1qmTlAk7Ov2iF0Q== X-Received: by 2002:aa7:cb90:: with SMTP id r16mr41647616edt.139.1619036896139; Wed, 21 Apr 2021 13:28:16 -0700 (PDT) MIME-Version: 1.0 From: Weikeng Chen Date: Wed, 21 Apr 2021 13:27:40 -0700 Message-ID: Subject: Re: [PATCH] SUNRPC: Add a check for gss_release_msg To: tytso@mit.edu Cc: anna.schumaker@netapp.com, bfields@fieldses.org, chuck.lever@oracle.com, davem@davemloft.net, dwysocha@redhat.com, gregkh@linuxfoundation.org, kuba@kernel.org, leon@kernel.org, linux-kernel@vger.kernel.org, linux-nfs@vger.kernel.org, netdev@vger.kernel.org, pakki001@umn.edu, trond.myklebust@hammerspace.com, w.k@berkeley.edu Content-Type: text/plain; charset="UTF-8" Precedence: bulk List-ID: X-Mailing-List: linux-nfs@vger.kernel.org [This is the email that Theodore Ts'o replied to, but it fails to reach the email server due to not using plain mode. Here I resent.] (Note: this thread has become a hot Internet discussion on China's Twitter.) I am a graduate student working in applied crypto, and CoI: I know one of the authors of the S&P paper. Some thoughts. [1] I think the UMN IRB makes an incorrect assertion that the research is not human research, and that starts the entire problem and probably continues to be. It clearly affects humans. I think UMN IRB lacks experience regarding human experiments in CS research, and should be informed that their decisions that this is not human research are fundamentally wrong--- it misled the reviewers as well as misled the researchers. --- [2] Banning UMN seems to be a temporary solution. I don't disagree. But it still might not prevent such proof-of-concept efforts: one could use a non-campus address. It might be helpful to inform the PC chairs of major security conferences, S&P, USENIX Security, CCS, and NDSS, regarding the need to discourage software security papers from making proofs-of-concept in the real world in wild that may be hurtful, as well as concerns on the sufficiency of IRB review---some IRB may lack experience for CS research. Some conferences have been being more careful about this recently. For example, NDSS accepts a paper on a browser bug but attaches a statement saying that the PC has ethical concerns. See: "Tales of Favicons and Caches: Persistent Tracking in Modern Browsers", NDSS '21 --- [3] Let us not forget that the author is using their real campus address and is open to such pressure. Thus, I think the authors, as students and researchers, have no bad faith; but they are misled that this experimental procedure is acceptable, which is not. Sorry for jumping in... Weikeng