
Here is your daily dose of WTF. Linux Kernel developer Greg Kroah-Hartman has called out "researchers" from the University of Minnesota and banned them from submitting code to the Linux Kernel.

This story is pretty wild and completely ridiculous. In the name of some apparent research and a written paper titled, "On the Feasibility of Stealthily Introducing Vulnerabilities in Open-Source Software via Hypocrite Commits", the people involved have now been called out on "sending known-buggy patches to see how the kernel community would react to them".

It goes further: patches have continued to roll in after the paper was published, so they are "continuing to experiment on the kernel community developers by sending such nonsense patches", with the patches not actually doing anything at all. Kroah-Hartman certainly wasn't holding back:

Our community does not appreciate being experimented on, and being "tested" by submitting known patches that are either do nothing on purpose, or introduce bugs on purpose. If you wish to do work like this, I suggest you find a different community to run your experiments on, you are not welcome here.

Because of this, I will now have to ban all future contributions from your University and rip out your previous contributions, as they were obviously submitted in bad-faith with the intent to cause problems.

In a further post, Kroah-Hartman sent in a patch to revert a bunch of changes made by the group, so the changes can be reviewed fully to ensure they're safe and actually do something.

From a certain point of view, it's nice to know that the Kernel team are good at picking up malicious code and attempts to introduce bugs, but doing this to such a huge, important project, live and in the open, in the name of research? That's just not right.

Update: so the plot thickens it seems! Sarah Jamie Lewis, the Executive Director of Open Privacy, pointed out on Twitter (be sure to read the thread) that they and others expressed concerns about it in 2020 in a co-signed letter to the IEEE S&P (IEEE Symposium on Security and Privacy). It really doesn't look good.

Update 2: Leadership in the University of Minnesota Department of Computer Science & Engineering released a statement on Twitter, noting that it has suspended the research and will be looking into how it got approved in the first place.

Article taken from GamingOnLinux.com.
Tags: Kernel, Meta
About the author -
I am the owner of GamingOnLinux. After discovering Linux back in the days of Mandrake in 2003, I constantly came back to check on the progress of Linux until Ubuntu appeared on the scene and it helped me to really love it. You can reach me easily by emailing GamingOnLinux directly.
47 comments

Mohandevir 22 Apr
Quoting: Nanobang
Quoting: Mohandevir
Sorry if I'm wrong to think so.

Please, friend Mohandevir, don't ever apologize for what you think. Ideas are the last bastion of freedom, a cornerstone of democracy, and the fuel of all that is Open Source, don't you think? ;)

I, for one, thank you for sharing your thoughts with us. :)

Nice answer from you. Thanks. What I really meant is that it's possible that I'm off track and I'd like to be educated, if possible. It's just a first impression that might be based on false assumptions on my part.
slembcke 22 Apr
Uff. My cousin-in-law is an engineering prof there and seems pretty mad that the IRB allowed this. His words had more swearing though... Not clear if he knows more details than the article above though.

Just in case people aren't familiar, an IRB, or Institutional Review Board, is the group that reviews research proposals and gets to say "no that's silly and/or unethical".
soulsource 22 Apr
Quoting: slembcke
Uff. My cousin-in-law is an engineering prof there and seems pretty mad that the IRB allowed this. His words had more swearing though... Not clear if he knows more details than the article above though.

Just in case people aren't familiar, an IRB, or Institutional Review Board, is the group that reviews research proposals and gets to say "no that's silly and/or unethical".

I can understand the swearing. This shines a pretty bad light on the whole university and everyone who graduated/works there. It wouldn't surprise me if this had consequences outside the kernel development, like editors of journals double-checking submissions from the University of Minnesota due to ethical concerns. Those guys probably hurt their own University more than the Linux project...
14 24 Apr
This is a shame.
I like the second press statement from the university, "we will investigate how this got approved in the first place". Translation: someone getting fired in the morning.
Quoting: Whitewolfe80
I like the second press statement from the university, "we will investigate how this got approved in the first place". Translation: someone getting fired in the morning.

While I and others would love to believe that, based on the fact that this continued to occur after they were "discovered", and that no names of those involved have been leaked or revealed by the University, they may be inclined to attempt to bury it, which isn't unheard of regarding universities and controversy. This honestly violates various laws like https://en.m.wikipedia.org/wiki/Computer_Fraud_and_Abuse_Act, yet no charges have been filed. Hopefully there are at least lawsuits.
Quoting: InhaleOblivion
Quoting: Whitewolfe80
I like the second press statement from the university, "we will investigate how this got approved in the first place". Translation: someone getting fired in the morning.

While I and others would love to believe that, based on the fact that this continued to occur after they were "discovered", and that no names of those involved have been leaked or revealed by the University, they may be inclined to attempt to bury it, which isn't unheard of regarding universities and controversy. This honestly violates various laws like https://en.m.wikipedia.org/wiki/Computer_Fraud_and_Abuse_Act, yet no charges have been filed. Hopefully there are at least lawsuits.

Intent is hard to prove though. I mean, if it is every time they try to submit a patch then there's no room for doubt. Once or twice could be genuine error.