University Responds to Ban On Linux Contributions

News
By Nathaniel Mott
published

"We take this situation extremely seriously"

Image of a penguin.
(Image credit: Shutterstock)

The University of Minnesota Department of Computer Science and Engineering announced that it's looking into a ban on contributing to the Linux kernel that was issued after its research attracted the ire of the stable release channel's steward.

That ban was issued on Wednesday by Greg Kroah-Hartman, a Linux kernel developer responsible for the stable channel's release due to a project that intentionally added bugs to the Linux kernel in the name of security research.

"We take this situation extremely seriously," UMN computer science and engineering head Mats Heimdahl and associate department head Loren Terveen said in a statement, adding that they "immediately suspended this line of research" after the ban was announced.

See more

The project was supposed to show how bad actors can introduce vulnerabilities to open source projects—of which Linux is the most prominent example — by using "hypocrite commits" that hide malevolent intent behind seemingly benign code.

Heimdahl and Terveen also said the CS&E department will "investigate the research method and the process by which this research method was approved, determine appropriate remedial action, and safeguard against future issues, if needed."

Their plan is to "report our findings back to the community as soon as practical." The question, then, is whether or not any remedial action will be enough for the University of Minnesota to be welcomed back into the Linux community.

When asked about the situation yesterday, Kroah-Hartman suggested we speak to the university instead. The University of Minnesota didn't respond to a request for comment, but tagged Tom's Hardware on Twitter to make it aware of its response.

Nathaniel Mott
Nathaniel Mott
Freelance News & Features Writer

Nathaniel Mott is a freelance news and features writer for Tom's Hardware US, covering breaking news, security, and the silliest aspects of the tech industry.

5 Comments Comment from the forums
  • King_V
    Heimdahl wasn't guarding the bridge at the time?

    I'll, uh, show myself out now..
    Reply
  • -Fran-
    This is the Open Source equivalent of "let's kill a person on the street to prove Police can't be in all places all the time".

    Sigh... Some Universities should impart "common sense 101" as part of their CS curriculums.

    Cheers!
    Reply
  • TJ Hooker
    Regarding the original story, that resulted in the kernel contribution ban, see my comment from the other thread.

    TLDR, there was never a risk of the malicious patches actually getting merged into the kernel.
    Reply
  • Co BIY
    I think this "research" belonged with the rest of the "cutting edge" social science research that is basically a common sense assumption allegedly tested and found to be basically true.

    "In a world where you are building walls to keep out bad guys and accept help from everyone without giving it sufficient scrutiny then bad actors could wreak havoc." and "In a volunteer system with no financial incentives there are very likely to be poor systems of oversight and accountability to prevent this."

    And yes the students should be placed on probation for a couple of semesters, sentenced to work the freshman computer help desk and ordered to cooperate in identifying the bad code they submitted. (after reading TJ Hooker's other posts it looks like they tried to minimize the negative consequences but failed to make everybody happy and failed to realize that making everyone happy is a key component of a volunteer effort like open source software)
    Reply
  • Are you a lumberjack?
    Seems like they proved the point of their research.
    Reply