Join us on the Linux Gaming community on Lemmy, the federated open source alternative to Reddit.

Here is your daily dose of WTF. Linux Kernel developer Greg Kroah-Hartman has called out "researchers" from the University of Minnesota and banned them from submitting code to the Linux Kernel.

This story is pretty wild and completely ridiculous. In the name of some apparent research and a written paper titled, "On the Feasibility of Stealthily Introducing Vulnerabilities in Open-Source Software via Hypocrite Commits", the people involved have now been called out on "sending known-buggy patches to see how the kernel community would react to them".

Part of it goes further, as patches have continued to roll in after the paper was published so they are "continuing to experiment on the kernel community developers by sending such nonsense patches" with the patches not actually doing anything at all. Kroah-Hartman certainly wasn't holding back:

Our community does not appreciate being experimented on, and being "tested" by submitting known patches that are either do nothing on purpose, or introduce bugs on purpose. If you wish to do work like this, I suggest you find a different community to run your experiments on, you are not welcome here.

Because of this, I will now have to ban all future contributions from your University and rip out your previous contributions, as they were obviously submitted in bad-faith with the intent to cause problems.

In a further post Kroah-Hartman sent in a patch to revert a bunch of changes done from the group, so they can go over them fully to ensure they're safe and actually do something.

From a certain point of view, it's nice to know that the Kernel team are good at picking up malicious code and attempts to introduce bugs - but doing this to such a huge important project, live and in the open in the name of research? That's just not right.

Update: so the plot thickens it seems! Sarah Jamie Lewis, the Executive Director of Open Privacy, pointed out on Twitter (be sure to read the thread) that they and others expressed concerns about it in 2020 in a co-signed letter to the IEEE S&P (IEEE Symposium on Security and Privacy). It really doesn't look good.

Update 2: Leadership in the University of Minnesota Department of Computer Science & Engineering department released a statement on Twitter, noting that it has suspended the research and will be looking into how it got approved in the first place.

Article taken from GamingOnLinux.com.
Tags: Kernel, Meta
41 Likes , Who?
We do often include affiliate links to earn us some pennies. We are currently affiliated with GOG and Humble Store. See more here.
About the author -
author picture
I am the owner of GamingOnLinux. After discovering Linux back in the days of Mandrake in 2003, I constantly came back to check on the progress of Linux until Ubuntu appeared on the scene and it helped me to really love it. You can reach me easily by emailing GamingOnLinux directly.
See more from me
47 comments
Page: «3/5»
  Go to:

mirv 21 Apr
View PC info
  • Supporter Plus
So this wasn't just some students being idiotic, this was with knowledge of the university itself for so-called "research". No, it was just people being arrogant and idiotic, and trying trying to cover it in the name of an educational institution.

I was originally thinking that blocking an entire university from submitting patches was extreme, but if the university condones such actions then no, I think it's the minimum that should be done.
Liam Dawe 21 Apr
Update 2: Leadership in the University of Minnesota Department of Computer Science & Engineering released a statement on Twitter, noting that it has suspended the research and will be looking into how it got approved in the first place.
mirv 21 Apr
View PC info
  • Supporter Plus
I have to wonder if the "leadership" would have done anything had they learned of it without so much publicity going on.

I'm guessing they already did know of it.
vv221 21 Apr
Quoting: Loftyforeign interference ?
What do you call foreign when the subject at hand is Linux kernel development?
whizse 21 Apr
  • Supporter
Quoting: vv221What do you call foreign when the subject at hand is Linux kernel development?
The BSD crowd.
Lofty 21 Apr
Quoting: vv221
Quoting: Loftyforeign interference ?
What do you call foreign when the subject at hand is Linux kernel development?

Actually a good point. I hadn't thought of it like that.

il stick with my first thought on the matter.


Last edited by Lofty on 21 April 2021 at 9:46 pm UTC
Quoting: Alm888I have a research proposition: let's get ourselves a pharmaceutical company and force this company to introduce poison in some of its medications and distribute those poisoned drugs trough common distribution network. In the name of research, of course! I think we must determine the pharmaceutical industry's ability to identify and block malicious drugs!

HINT: That was a sarcasm.
Wasn't that Oxycontin?
(No, my mistake--they did that one deliberately)


Last edited by Purple Library Guy on 21 April 2021 at 11:04 pm UTC
slaapliedje 21 Apr
View PC info
  • Supporter Plus
Quoting: LoftyEveryday we step closer to the brink of idiocracy.
https://www.youtube.com/watch?v=v435y5TNMjQ

Pretty sure it's already confirmed...
slaapliedje 21 Apr
View PC info
  • Supporter Plus
Quoting: Purple Library Guy
Quoting: Alm888I have a research proposition: let's get ourselves a pharmaceutical company and force this company to introduce poison in some of its medications and distribute those poisoned drugs trough common distribution network. In the name of research, of course! I think we must determine the pharmaceutical industry's ability to identify and block malicious drugs!

HINT: That was a sarcasm.
Wasn't that Oxycontin?
(No, my mistake--they did that one deliberately)

This is where the software used for gamingonlinux needs to have different things besides just a 'like'. As I'd like, laugh, cry and praise this comment!
kokoko3k 22 Apr
If i understood well,there are 2, distinct facts here:

1) Researchers did it wrong.
2) Linux needs more code quality control in the first place, since the malicious code made its way into mainline and stayed there unnoticed for a long time.

Personally, i don't care much about the former, but the latter scares me and still i notice that everyone is focusing on #1.
While you're here, please consider supporting GamingOnLinux on:

Patreon, Liberapay or PayPal Donation.

We have no adverts, no paywalls, no timed exclusive articles. Just good, fresh content. Without your continued support, we simply could not continue!

You can find even more ways to support us on this dedicated page any time. If you already are, thank you!
Login / Register

Or login with...
Sign in with Steam Sign in with Twitter Sign in with Google
Social logins require cookies to stay logged in.

Livestreams & Videos
Community Livestreams