The University of Minnesota has been barred from contributing to the Linux kernel by one of its maintainers after researchers from the school intentionally submitted code with security flaws.
All of the previous contributions from students and faculty are also being removed from the system.
Recently, two researchers from the university released a paper detailing how they had submitted known security vulnerabilities to the Linux kernel to show how potentially malicious code could get past the approval process.
The Linux Foundation has banned the University of Minnesota from making Linux contributions after it intentionally submitted “nonsense” and buggy patches. https://t.co/IgcvXDZeWB pic.twitter.com/aEY0mV3ugW
— OC3D (@OC3D) April 23, 2021
Now, after another student from the university submitted code that reportedly does nothing, kernel maintainer and Linux Foundation fellow Greg Kroah-Hartman has released a statement calling for all kernel maintainers to reject any code submissions from anyone using a umn.edu email address.
In addition to not accepting any new code from the university, all of the code it submitted in the past is being removed and re-reviewed.
That looks like a huge amount of work, but Kroah-Hartman has made it clear that the developer community doesn’t appreciate “being investigated” and that all of the code from the university has been called into question because of the research.
The university has put out a statement saying it has been made aware of the research and the resulting ban on contributing. It says it has suspended that line of research and will investigate how the research was approved and carried out.
In a statement meant to clarify the study, the researchers said they intended to bring attention to issues with the submission process: mainly, the fact that bugs, including ones that were potentially maliciously crafted, could slip through.
Kernel developer Laura Abbott countered this in a blog post, saying that the possibility of bugs slipping through is well-known in the open-source software community. In what appears to be a private message, the person who submitted the reportedly nonfunctional code called Kroah-Hartman’s accusations that the code was known to be invalid “wild” and “bordering on slander.”
It’s unclear whether that submission, which kicked off the current controversy, was actually part of a research project. The person who submitted it did so with their umn.edu email address, while the patches submitted in the study were sent through random Gmail addresses, and the submitter claimed that the faulty code was created by a tool. Kroah-Hartman’s response basically said that he found it unlikely that a tool had created the code and that, given the research, he couldn’t trust that the patch was made in good faith either way.
There has been criticism from some in the open-source community, saying that Kroah-Hartman’s decision to pull all patches submitted by U of M personnel is an overreaction that could lead to bugs fixed by legitimate patches being reintroduced. It is worth noting, however, that the plan is to re-review the patches and to resubmit them if they are found to be legitimate.