Academics face backlash after trying to sneak dodgy code into Linux

Linux
(Image credit: Image Credit: Pixabay)

A couple of computer scientists at the University of Minnesota riled up veteran Linux kernel developers by intentionally submitting questionable code to the mainline kernel.

The scientists introduced what are known as use-after-free bugs into the kernel for the purposes of their research, aptly titled, "On the Feasibility of Stealthily Introducing Vulnerabilities in Open-Source Software via Hypocrite Commits."

The paper describes how the authors submitted dubious code that would introduce error conditions into the kernel. The researchers claim they subsequently contacted Linux maintainers to prevent any of their code ending up in the official kernel release.

However, a new round of patches from other scientists at the university, which again appeared deceptive, was enough to exasperate Greg Kroah-Hartman.

"Our community does not appreciate being experimented on, and being 'tested' by submitting known patches that either do nothing on purpose, or introduce bugs on purpose," wrote Kroah-Hartman.

Off limits

The intent of the original paper was apparently to highlight the shortcomings in the development process of the Linux kernel. However, it was a new set of deceptive patches that ticked off Kroah-Hartman.

"So what am I supposed to think here, other than that you and your group are continuing to experiment on the kernel community developers by sending such nonsense patches,” he remarked.

But he didn’t stop there. He backed up his threat of asking the researchers to find a different community to run their experiments on, banning all future contributions from anyone at the University of Minnesota. 

Then he went one step further and proposed to purge all the contributions to the Linux kernel made from official University of Minnesota email addresses. 

Last heard, the proposal had been accepted, but the debate rages on. While repeatedly running experiments on the kernel in the name of research shouldn’t be tolerated, developers are divided on the severity of Kroah-Hartman blanket ban. 

Via The Register

TOPICS
Mayank Sharma

With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’s TechRadar Pro’s expert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.