The University of Minnesota Department of Computer Science and Engineering announced that it's looking into a ban on contributing to the Linux kernel that was issued after its research attracted the ire of the stable release channel's steward.
That ban was issued on Wednesday by Greg Kroah-Hartman, a Linux kernel developer responsible for the stable channel's release, in response to a project that intentionally added bugs to the Linux kernel in the name of security research.
"We take this situation extremely seriously," UMN computer science and engineering head Mats Heimdahl and associate department head Loren Terveen said in a statement, adding that they "immediately suspended this line of research" after the ban was announced.
Leadership in the University of Minnesota Department of Computer Science & Engineering learned today about the details of research being conducted by one of its faculty members and graduate students into the security of the Linux Kernel. (April 21, 2021)
The project was supposed to show how bad actors can introduce vulnerabilities to open source projects, of which Linux is the most prominent example, by using "hypocrite commits" that hide malevolent intent behind seemingly benign code.
Heimdahl and Terveen also said the CS&E department will "investigate the research method and the process by which this research method was approved, determine appropriate remedial action, and safeguard against future issues, if needed."
Their plan is to "report our findings back to the community as soon as practical." The question, then, is whether or not any remedial action will be enough for the University of Minnesota to be welcomed back into the Linux community.
When asked about the situation yesterday, Kroah-Hartman suggested we speak to the university instead. The University of Minnesota didn't respond to a request for comment, but tagged Tom's Hardware on Twitter to make it aware of its response.
Nathaniel Mott is a freelance news and features writer for Tom's Hardware US, covering breaking news, security, and the silliest aspects of the tech industry.
Heimdahl wasn't guarding the bridge at the time?
I'll, uh, show myself out now..
This is the Open Source equivalent of "let's kill a person on the street to prove Police can't be in all places all the time".
Sigh... Some Universities should impart "common sense 101" as part of their CS curriculums.
Regarding the original story, that resulted in the kernel contribution ban, see my comment from the other thread.
TLDR, there was never a risk of the malicious patches actually getting merged into the kernel.
I think this "research" belonged with the rest of the "cutting edge" social science research that is basically a common sense assumption allegedly tested and found to be basically true.
"In a world where you are building walls to keep out bad guys and accept help from everyone without giving it sufficient scrutiny then bad actors could wreak havoc." and "In a volunteer system with no financial incentives there are very likely to be poor systems of oversight and accountability to prevent this."
And yes the students should be placed on probation for a couple of semesters, sentenced to work the freshman computer help desk and ordered to cooperate in identifying the bad code they submitted. (after reading TJ Hooker's other posts it looks like they tried to minimize the negative consequences but failed to make everybody happy and failed to realize that making everyone happy is a key component of a volunteer effort like open source software)
Seems like they proved the point of their research.